CVE-2025-25022

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7235432

Configurations

No configuration.

History

04 Jun 2025, 14:54

Type	Values Removed	Values Added
Summary		(es) IBM QRadar Suite Software 1.10.12.0 a 1.11.2.0 e IBM Cloud Pak for Security 1.10.0.0 a 1.10.11.0 podrían permitir que un usuario no autenticado en el entorno obtenga información altamente confidencial en los archivos de configuración.

03 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-03 16:15

Updated : 2025-06-04 14:54

NVD link : CVE-2025-25022

Mitre link : CVE-2025-25022

CVE.ORG link : CVE-2025-25022

JSON object : View

Products Affected

No product.

CWE

CWE-260

Password in Configuration File

9.6 /10