The most severe vulnerability, tracked as CVE-2025-25022, carries a CVSS base score of 9.6 and enables unauthenticated users to obtain highly sensitive information from configuration files.
These vulnerabilities affect IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 and QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, prompting immediate remediation efforts across affected organizations.
The most critical vulnerability identified in this security bulletin is CVE-2025-25022, which is classified under CWE-260: Password in Configuration File.
This flaw allows unauthenticated attackers within the network environment to access highly sensitive configuration data without requiring any user credentials.
The vulnerability’s CVSS vector (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates that attackers can achieve high impact across confidentiality, integrity, and availability with low attack complexity from adjacent networks.
Security researchers have demonstrated that this vulnerability stems from improper access controls on configuration files containing sensitive information, including potential passwords and system configurations.
The attack vector requires adjacent network access, suggesting that attackers who have gained an initial network foothold can exploit this vulnerability to escalate privileges and access critical security infrastructure components.
Organizations using QRadar SIEM for security monitoring and incident response face particularly high risks, as compromised configuration files could expose entire security architectures to malicious actors.
| Risk Factors | Details |
| --- | --- |
| Affected Products | IBM Cloud Pak for Security 1.10.0.0-1.10.11.0, QRadar Suite 1.10.12.0-1.11.2.0 |
| Impact | Unauthenticated access to sensitive configuration files |
| Exploit Prerequisites | Adjacent network access |
| CVSS 3.1 Score | 9.6 (Critical) |
Beyond the configuration file vulnerability, IBM identified four additional security flaws that collectively compromise QRadar’s security posture.
CVE-2025-25021 is a code injection vulnerability with a CVSS score of 7.2 that allows privileged users to execute arbitrary code through case management script creation; it is classified under CWE-94: Improper Control of Generation of Code.
This vulnerability requires high privileges but enables complete system compromise, as reflected in its CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2025-25019 addresses session management failures where QRadar SIEM fails to invalidate sessions after logout, classified under CWE-613: Insufficient Session Expiration.
With a CVSS score of 4.8, this vulnerability enables user impersonation attacks through persistent session tokens.
Additionally, CVE-2025-25020 affects API input validation mechanisms, potentially causing denial-of-service conditions; it has a CVSS score of 6.5 and is classified under CWE-1287: Improper Validation of Specified Type of Input.
The final vulnerability, CVE-2025-1334, involves CWE-525: Use of Web Browser Cache Containing Sensitive Information, allowing local users to access cached sensitive data with a CVSS score of 4.0.
IBM strongly recommends immediate system updates to address these vulnerabilities, emphasizing that organizations must upgrade to version 1.11.3.0 or later.
The company has published comprehensive remediation instructions through their Cloud Pak for Security documentation portal, providing both installation and upgrade pathways for affected systems.
Notably, IBM has not identified any workarounds or mitigations for these vulnerabilities, making system updates the only viable protection strategy.
The vulnerabilities were discovered by IBM’s internal security team, including researchers John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak.
Organizations should prioritize remediation of CVE-2025-25022 due to its critical CVSS rating and potential for unauthenticated exploitation, while simultaneously addressing the remaining vulnerabilities to ensure a comprehensive restoration of their security posture.
The post IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files appeared first on Cyber Security News.