CVE-2025-33121

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.2%
top 56.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar SiemIBM Qradar Security Information AND Event Manager
Timeline
PublishedJun 19

Description

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/qradar_siem7.57.5.0 Update Pack 12

🔴Vulnerability Details

2
GHSA
GHSA-wv75-vg2r-ppj6: IBM QRadar SIEM 72025-06-19
CVEList
IBM QRadar SIEM XML external entity injection2025-06-19
CVE-2025-33121 (HIGH CVSS 7.1) | IBM QRadar SIEM 7.5 through 7.5.0 U | cvebase.io