CVE-2025-25022

CWE-2603 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 69.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite SoftwareIBM Qradar Suite
Timeline
PublishedJun 3

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages4 packages

CVEListV5ibm/qradar_suite_software1.10.12.01.11.2.0
NVDibm/qradar_suite1.10.12.01.11.2.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
GHSA
GHSA-jqjr-322m-7mjw: IBM QRadar Suite Software 12025-06-03
CVEList
IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure2025-06-03
CVE-2025-25022 (HIGH CVSS 8.8) | IBM QRadar Suite Software 1.10.12.0 | cvebase.io