Summary: Security Advisory
Multiple vulnerabilities have been discovered in IBM QRadar Suite Software and Cloud Pak, affecting versions 1.10.0.0 through 1.11.2.0.
The company released patches on June 3, 2025, addressing five distinct Common Vulnerabilities and Exposures (CVEs) that affect enterprise security infrastructure used by organizations worldwide.
| Attribute | Details |
|---|---|
| OEM | IBM |
| Severity | Critical |
| CVSS Score | 9.6 |
| CVEs | CVE-2025-25022, CVE-2025-25021, CVE-2025-25020, CVE-2025-25019, CVE-2025-1334 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
The vulnerabilities include risks such as remote code execution, information disclosure, session hijacking, and denial of service. The most critical of them (CVE-2025-25022) allows unauthenticated access to sensitive configuration files. IBM has released version 1.11.3.0 to address these issues.
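Because the affected range (1.10.0.0 through 1.11.2.0) and the fixed build (1.11.3.0) are four-component dotted versions, a quick asset-inventory check is easy to get wrong with plain string comparison ("1.9.0.0" sorts after "1.10.0.0" as text). The following is an added example, not IBM's own tooling: it compares versions as integer tuples against the values stated in this advisory. The function names and the treatment of builds below the named range as "outside advisory range" (the advisory does not speak to them) are this example's assumptions.

```python
# Added example (not from the IBM advisory or IBM tooling): classify an
# installed QRadar Suite / Cloud Pak version against the advisory's range.
from typing import Tuple

AFFECTED_MIN = "1.10.0.0"   # first affected version, per the advisory
AFFECTED_MAX = "1.11.2.0"   # last affected version, per the advisory
FIXED_VERSION = "1.11.3.0"  # fixed release named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into an integer tuple.

    Integer tuples compare component by component, so 1.9.x < 1.10.x holds,
    which a plain string comparison would get backwards.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    numbers = tuple(int(p) for p in parts)
    # Pad short forms so "1.11" compares equal to "1.11.0.0".
    return numbers + (0,) * (4 - len(numbers))


def is_affected(installed: str) -> bool:
    """True when the installed build falls inside the advisory's affected range."""
    v = parse_version(installed)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)


def is_patched(installed: str) -> bool:
    """True when the installed build is the fixed release or newer."""
    return parse_version(installed) >= parse_version(FIXED_VERSION)


def assess(installed: str) -> str:
    """Summarise one installed version for an inventory report.

    Builds older than the affected range are reported separately rather than
    as safe: this advisory makes no statement about them (assumption of this
    example, not a claim from the advisory).
    """
    if is_patched(installed):
        return "patched"
    if is_affected(installed):
        return "vulnerable"
    return "outside advisory range"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"qradar-01": "1.10.0.0", "qradar-02": "1.11.2.0",
                 "qradar-03": "1.11.3.0", "qradar-04": "1.9.5.0"}
    for host, version in inventory.items():
        print(f"{host}: {version} -> {assess(version)}")
```

Run against an exported list of installed versions; any host reported as "vulnerable" is within the range this advisory names and should be scheduled for the 1.11.3.0 upgrade.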
| Vulnerability Name | CVE ID | Product Affected | CVSS Score | Severity |
|---|---|---|---|---|
| Information Disclosure Vulnerability | CVE-2025-25022 | IBM Cloud Pak, QRadar Suite | 9.6 | Critical |
| Code Execution Vulnerability | CVE-2025-25021 | IBM QRadar SIEM | 7.2 | High |
| Denial of Service Vulnerability | CVE-2025-25020 | IBM QRadar SIEM | 6.5 | Medium |
| Session Hijacking Vulnerability | CVE-2025-25019 | IBM QRadar SIEM | 4.8 | Medium |
| Web Cache Disclosure Vulnerability | CVE-2025-1334 | IBM QRadar Suite | 4.0 | Medium |
Technical Summary
The identified vulnerabilities affect both the IBM QRadar Suite and Cloud Pak, exposing them to a variety of threats such as unauthorized access, arbitrary code execution, and denial of service.
These flaws arise from weaknesses in session handling, code generation, API validation, and file configuration security.
| CVE ID | System Affected | Vulnerability Details | Impact |
|---|---|---|---|
| CVE-2025-25022 | QRadar SIEM | Unauthenticated access to sensitive config files due to poor protections. | Information disclosure, RCE |
| CVE-2025-25021 | QRadar SIEM | Privileged code execution due to improper script code generation in case management. | Remote Code Execution |
| CVE-2025-25020 | QRadar SIEM | API input validation flaw allowing service crash via malformed data. | Denial of Service |
| CVE-2025-25019 | QRadar SIEM | Sessions not invalidated upon logout, enabling impersonation by attackers. | Session Hijacking |
| CVE-2025-1334 | QRadar Suite | Cached web content readable by other users, compromising multi-user data confidentiality. | Local Info Disclosure |
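The session-handling weakness listed for CVE-2025-25019 (sessions not invalidated on logout) is a general design defect worth seeing side by side with its fix. The following is an added illustration and is not QRadar code; it uses a hypothetical in-memory session store with constructed user and token values. The defective handler only tells the client to forget its cookie, so a previously captured token is still honoured by the server; the corrected handler revokes the server-side record, which is the behaviour a post-upgrade regression test should confirm.

```python
# Added example (not QRadar code): server-side session invalidation on logout,
# with an audit helper that verifies a logged-out token is no longer accepted.
import secrets
from typing import Callable, Dict, Optional


class SessionStore:
    """Hypothetical in-memory session store: token -> username."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, username: str) -> str:
        token = secrets.token_urlsafe(32)  # unguessable, server-issued token
        self._sessions[token] = username
        return token

    def user_for(self, token: str) -> Optional[str]:
        """Resolve a presented token to a user, or None if not a live session."""
        return self._sessions.get(token)

    def logout_client_only(self, client_cookies: Dict[str, str]) -> None:
        # Defective pattern: the handler clears the browser's cookie (the
        # equivalent of Set-Cookie with Max-Age=0) but never touches the
        # server-side record, so any other copy of the token stays valid.
        client_cookies.pop("session", None)

    def logout(self, client_cookies: Dict[str, str]) -> None:
        # Corrected pattern: revoke the server-side record first, then clear
        # the client cookie. Later requests with the old token resolve to None.
        token = client_cookies.pop("session", None)
        if token is not None:
            self._sessions.pop(token, None)


def session_survives_logout(
    logout_handler: Callable[[SessionStore, Dict[str, str]], None]
) -> bool:
    """Audit helper: log in, keep a copy of the token (as a captured or
    replayed request would), run the logout handler, and report whether the
    server still honours the old token."""
    store = SessionStore()
    token = store.login("analyst")            # constructed user
    client_cookies = {"session": token}       # what the browser holds
    captured_copy = token                     # what a stale request presents
    logout_handler(store, client_cookies)
    return store.user_for(captured_copy) is not None


def audit_defective() -> bool:
    return session_survives_logout(SessionStore.logout_client_only)


def audit_fixed() -> bool:
    return session_survives_logout(SessionStore.logout)


if __name__ == "__main__":
    print("client-only logout leaves session alive:", audit_defective())
    print("server-side logout leaves session alive:", audit_fixed())
```

The same shape of test applies to any web application after a session-fixing upgrade: authenticate, record the session identifier, log out through the normal handler, then replay a request with the recorded identifier and confirm it is rejected.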
Remediation:
Refer to IBM’s official installation and upgrade documentation for detailed steps.
Conclusion:
These vulnerabilities pose significant security risks, especially CVE-2025-25022 with a critical severity score of 9.6. Organizations using the affected IBM QRadar and Cloud Pak versions should prioritize upgrading to the latest version to mitigate exposure.
IBM has acknowledged these issues and released patches to address all five vulnerabilities.
Notably, IBM has identified no effective workarounds or mitigations for these vulnerabilities, making patching the only viable protection strategy.
References: