CVE-2025-36128
HIGHDescription
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.
Is your site exposed to CVE-2025-36128?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ibm | mq |
| ibm | mq |
| ibm | mq |
| ibm | mq |
| ibm | mq |
| ibm | mq |
| ibm | aix |
| ibm | i |
| linux | linux_kernel |
| microsoft | windows |
| oracle | solaris |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36128? +
How severe is CVE-2025-36128? +
What products are affected by CVE-2025-36128? +
How do I check if I'm vulnerable to CVE-2025-36128? +
Related Vulnerabilities
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race …
Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit …
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are …
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each …
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the …
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted …