CVE-2025-25022
CRITICALDescription
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | cloud_pak_for_security |
| ibm | qradar_suite |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-25022? +
How severe is CVE-2025-25022? +
What products are affected by CVE-2025-25022? +
How do I check if I'm vulnerable to CVE-2025-25022? +
Related Vulnerabilities
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files …
eslint-ban-moment is an Eslint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed …
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a …
IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored …