{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-3631","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-04-15T09:48:13.276Z","datePublished":"2025-07-11T18:37:38.769Z","dateUpdated":"2025-08-18T01:35:24.388Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"],"defaultStatus":"unaffected","product":"MQ","vendor":"IBM","versions":[{"lessThanOrEqual":"9.3.5.1 CD","status":"affected","version":"9.3.2.0 CD","versionType":"semver"},{"lessThanOrEqual":"9.4.2.1 CD","status":"affected","version":"9.4.0.0","versionType":"semver"},{"lessThanOrEqual":"9.4.0.11 LTS","status":"affected","version":"9.4.0.0 LTS","versionType":"semver"}]},{"cpes":["cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*","cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*","cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"],"defaultStatus":"unaffected","product":"MQ Appliance","vendor":"IBM","versions":[{"lessThanOrEqual":"9.3.5.2 CD","status":"affected","version":"9.3.2.0 CD","versionType":"semver"},{"lessThanOrEqual":"9.4.0.11 LTS","status":"affected","version":"9.4.0.0 LTS","versionType":"semver"},{"lessThanOrEqual":"9.4.2.1 CD","status":"affected","version":"9.4.1.0 CD","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."}],"value":"An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2025-08-18T01:35:24.388Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7238310"},{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7237025"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"This issue was addressed under known issue DT435291 .<br><br>IBM MQ version 9.4 LTS<br><br>Apply fix pack 9.4.0.12<br><br>IBM MQ version 9.3 CD and 9.4 CD<br><br>Upgrade to IBM MQ version 9.4.3<br><br><div><div><div><div>IBM MQ Appliance version 9.3 CD</div></div></div><div><div><div>Upgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div></div></div><div>&nbsp;<div><div>IBM MQ Appliance version 9.4 LTS</div><div><div>Apply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div>&nbsp;<div>IBM MQ Appliance version 9.4 CD</div><div>Apply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.</div></div></div></div></div>\n\n<br>"}],"value":"This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."}],"source":{"discovery":"UNKNOWN"},"title":"IBM MQ denial of service","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-11T18:51:57.975695Z","id":"CVE-2025-3631","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-11T18:52:08.264Z"}}]}}