CVE-2025-36007 — Incorrect Privilege Assignment in IBM Qradar Siem

CWE-266 — Incorrect Privilege Assignment3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 98.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Siem IBM Qradar Security Information AND Event Manager

Timeline

PublishedOct 27

Description

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/qradar_siem7.5.0 — 7.5.0 UP13 IF02

▶NVDibm/qradar_security_information_and_event_manager7.5.0

🔴Vulnerability Details

GHSA

GHSA-7c63-x96c-8hpq: IBM QRadar SIEM 7↗2025-10-27

▶

CVEList

IBM QRadar SIEM incorrect privilege assignment↗2025-10-27

▶