CVE-2025-23225

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7183372	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:mq_appliance:::::continuous_delivery:::*
	cpe:2.3:a:ibm:mq_appliance:::::lts:::*
	cpe:2.3:a:ibm:mq_appliance:::::lts:::*

History

03 Jul 2025, 20:25

Type	Values Removed	Values Added
Summary		(es) IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS y 9.4 CD podrían permitir que un usuario autenticado provoque una denegación de servicio debido a la gestión inadecuada de encabezados no válidos enviados a la cola.
References	~~() https://www.ibm.com/support/pages/node/7183372 -~~	() https://www.ibm.com/support/pages/node/7183372 - Vendor Advisory
CPE		cpe:2.3:a:ibm:mq_appliance:::::lts:::* cpe:2.3:a:ibm:mq_appliance:::::continuous_delivery:::*
First Time		Ibm Ibm mq Appliance

28 Feb 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-28 03:15

Updated : 2025-07-03 20:25

NVD link : CVE-2025-23225

Mitre link : CVE-2025-23225

CVE.ORG link : CVE-2025-23225

JSON object : View

Products Affected

ibm

mq_appliance

CWE

CWE-230

Improper Handling of Missing Values

6.5 /10