CVE-2025-33013 — Heap Inspection in IBM MQ Operator

CWE-244 — Heap Inspection CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer3 documents3 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 94.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM MQ Operator IBM Supplied MQ Advanced Container Images

Timeline

PublishedJul 24

Latest updateJul 25

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5ibm/mq_operator2.0.0 LTS — 2.0.29 LTS+2

▶NVDibm/mq_operator2.0.0 — 2.0.29+6

▶NVDibm/supplied_mq_advanced_container_images25 versions+24

🔴Vulnerability Details

GHSA

GHSA-gvh3-f4g3-c9ff: IBM MQ Operator LTS 2↗2025-07-25

▶

CVEList

IBM MQ Operator information disclosure↗2025-07-24

▶