CVE-2025-0975
HIGHDescription
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.
Is your site exposed to CVE-2025-0975?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | mq_appliance |
| ibm | mq_appliance |
| ibm | mq_appliance |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-0975? +
How severe is CVE-2025-0975? +
What products are affected by CVE-2025-0975? +
How do I check if I'm vulnerable to CVE-2025-0975? +
Related Vulnerabilities
http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML …
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was …
Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find …
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the …
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric …
Crayfish is a collection of Islandora 8 microservices, one of which, Homarus, provides FFmpeg as a microservice. Prior to Crayfish …