{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-36005","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T21:16:05.532Z","datePublished":"2025-07-24T14:52:53.238Z","dateUpdated":"2025-08-17T01:24:38.369Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"],"defaultStatus":"unaffected","product":"MQ Operator","vendor":"IBM","versions":[{"lessThanOrEqual":"2.0.29 LTS","status":"affected","version":"2.0.0 LTS","versionType":"semver"}]},{"cpes":["cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"],"defaultStatus":"unaffected","product":"MQ Operator","vendor":"IBM","versions":[{"status":"affected","version":"3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"}]},{"cpes":["cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*","cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"],"defaultStatus":"unaffected","product":"MQ Operator","vendor":"IBM","versions":[{"lessThanOrEqual":"3.2.13 SC2","status":"affected","version":"3.2.0 SC2","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."}],"value":"IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper Certificate Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-17T01:24:38.369Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7240431"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Issues mentioned by this security bulletin are addressed in -
IBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image.
IBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.
IBM MQ Container 9.4.3.0-r2 release.
IBM strongly recommends applying the latest container images.
IBM MQ Operator v3.6.1 CD release details:
ibm-mq-operator v3.6.1 icr.io icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03
ibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d
ibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed
ibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5
IBM MQ Operator v3.2.14 SC2 release details:
ibm-mq-operator v3.2.14 icr.io icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf
ibm-mqadvanced-server 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d
ibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014
ibm-mqadvanced-server-dev 9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15
IBM MQ Container 9.4.3.0-r2 release details:
ibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d
ibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5
"}],"value":"Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator v3.6.1 icr.io icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator v3.2.14 icr.io icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev 9.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev 9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"}],"source":{"discovery":"UNKNOWN"},"title":"IBM MQ Operator information disclosure","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-24T15:03:30.894944Z","id":"CVE-2025-36005","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-24T15:04:05.741Z"}}]}}