CVE-2025-25019

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 66.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 3

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 do not invalidate the session after a logout, which could allow a user to impersonate another user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 | Impact: 2.5

Affected Packages (4 packages)

CVEListV5: ibm/qradar_suite_software, 1.10.12.0 through 1.11.2.0
NVD: ibm/qradar_suite, 1.10.12.0 through 1.11.2.0
CVEListV5: ibm/cloud_pak_for_security, 1.10.0.0 through 1.10.11.0
NVD: ibm/cloud_pak, 1.10.0.0 through 1.10.11.0

Vulnerability Details (2)

CVEList: IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation (2025-06-03)
GHSA: GHSA-2wgg-6f6v-vvvx: IBM QRadar Suite Software 1 (2025-06-03)
CVE-2025-25019 (MEDIUM CVSS 6.5) | IBM QRadar Suite Software 1.10.12.0 | cvebase.io