{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-25022","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-01-31T16:26:45.223Z","datePublished":"2025-06-03T15:16:19.691Z","dateUpdated":"2026-02-26T18:27:38.077Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:qradar_suite:1.10.12.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:qradar_suite:1.11.2.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"QRadar Suite Software","vendor":"IBM","versions":[{"lessThanOrEqual":"1.11.2.0","status":"affected","version":"1.10.12.0","versionType":"semver"}]},{"cpes":["cpe:2.3:a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*","cpe:2.3:a:ibm:cloud_pak_for_security:1.10.11.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","product":"Cloud Pak for Security","vendor":"IBM","versions":[{"lessThanOrEqual":"1.10.11.0","status":"affected","version":"1.10.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files."}],"value":"IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"HIGH","baseScore":9.6,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-260","description":"CWE-260 Password in Configuration File","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-26T14:53:06.088Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7235432"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM strongly encourages customers to update their systems promptly.<br><br>Please upgrade to at least version 1.11.3.0 according to the following instructions:<br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing\">https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing</a><br><br><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading\">https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading</a><br>"}],"value":"IBM strongly encourages customers to update their systems promptly.\n\nPlease upgrade to at least version 1.11.3.0 according to the following instructions:\n\n https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=installing \n\n https://www.ibm.com/docs/en/cloud-paks/cp-security/1.11?topic=upgrading"}],"source":{"discovery":"UNKNOWN"},"title":"IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-25022","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-04T03:56:06.436182Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:27:38.077Z"}}]}}