CVE-2025-25021

CWE-94 — Code Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.5%

top 35.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Security IBM Qradar Suite Software IBM Qradar Suite

Timeline

PublishedJun 3

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ibm/qradar_suite_software1.10.12.0 — 1.11.2.0

▶NVDibm/qradar_suite1.10.12.0 — 1.11.2.0

▶CVEListV5ibm/cloud_pak_for_security1.10.0.0 — 1.10.11.0

▶NVDibm/cloud_pak1.10.0.0 — 1.10.11.0

🔴Vulnerability Details

CVEList

IBM QRadar Suite Software and IBM Cloud Pak for Security code injection↗2025-06-03

▶

GHSA

GHSA-8gw9-w5qj-8xvr: IBM QRadar Suite Software 1↗2025-06-03

▶