CVE-2025-27365Use After Free in IBM MQ Operator

CWE-416Use After Free3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM MQ OperatorIBM Supplied MQ Advanced Container Images
Timeline
PublishedMay 1
Latest updateMay 2

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5ibm/mq_operator2.0.0 LTS2.0.29 LTS+2
NVDibm/mq_operator2.0.02.0.29+12

🔴Vulnerability Details

2
GHSA
GHSA-cx2v-3m68-m9x4: IBM MQ Operator LTS 22025-05-02
CVEList
IBM MQ Operator denial of service2025-05-01
CVE-2025-27365 — Use After Free in IBM MQ Operator | cvebase