Multiple vulnerabilities in IBM QRadar SIEM

1) Out-of-bounds read

EUVDB-ID: #VU108250

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49846

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the udf_find_entry() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU112275

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-52520

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to overflow in file upload limit. A remote attacker can send specially crafted requests to the server and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU111221

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-49794

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the xmlSchematronGetNode() function when processing XPath expressions in Schematron schema elements schematron.c. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Type Confusion

EUVDB-ID: #VU111223

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-49796

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the xmlSchematronFormatReport() function when processing sch:name elements in schematron.c. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and crash the application. 

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU111225

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-6021

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the xmlBuildQName() function in tree.c . A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU111628

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-50020

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ext4_resize_fs() function in fs/ext4/resize.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU106598

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21928

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ishtp_hid_remove() function in drivers/hid/intel-ish-hid/ishtp-hid.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU107680

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22020

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtsx_usb_ms_drv_remove() function in drivers/memstick/host/rtsx_usb_ms.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU109282

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37890

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU111465

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38052

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU111459

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_accept() function in crypto/algif_hash.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU104471

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49111

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_disconn_phylink_complete_evt() function in net/bluetooth/hci_event.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU104470

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49136

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_cmd_sync_queue() function in net/bluetooth/hci_sync.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU100062

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the reqsk_queue_unlink() and reqsk_timer_handler() functions in net/ipv4/inet_connection_sock.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU113533

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-7425

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the xsltSetSourceNodeFlags() function. A remote attacker can pass specially crafted XML input to the application, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU112120

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-38086

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ch9200_mdio_read() function in drivers/net/usb/ch9200.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) NULL pointer dereference

EUVDB-ID: #VU111519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49977

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ftrace_startup() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU106865

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21905

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU106804

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21919

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU109000

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-28956

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to an error in the hardware support for prediction-domain isolation dubbed "Indirect Target Selection". A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Exposed dangerous method or function

EUVDB-ID: #VU101890

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-53920

CWE-ID: CWE-749 - Exposed Dangerous Method or Function

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation in elisp-mode.el. A remote attacker can trick the victim into invoking elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code, trigger unsafe Lisp macro expansion and execute arbitrary code on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Integer overflow

EUVDB-ID: #VU109848

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-4373

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Insufficient verification of data authenticity

EUVDB-ID: #VU89351

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34397

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Session Fixation

EUVDB-ID: #VU114443

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-55668

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to session fixation. A remote attacker can trick the victim into opening a specially crafted request to gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Heap-based buffer overflow

EUVDB-ID: #VU107596

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-32415

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the xmlSchemaIDCFillNodeTables() function. A remote attacker can pass specially crafted XML data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Off-by-one

EUVDB-ID: #VU100566

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-52533

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Heap-based buffer overflow

EUVDB-ID: #VU22494

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-17543

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the LZ4_write32 when performing archiving operation with LZ4_compress_fast. A remote attacker can pass specially crafted input to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU18785

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-5427

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing XML files within the c3p0/src/java/com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java. A remote attacker can create a specially crafted XML file, pass it to the affected application and trigger recursive entity expansion when loading configuration. This results in denial of service (DoS) attack aka billion laughs attack.

Exploit:

<?xml version="1.0"?>
<!DOCTYPE lolz [
        <!ENTITY lol "lol">
        <!ELEMENT lolz (#PCDATA)>
        <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
        <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
        <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
        <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
        <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
        <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
        <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
        <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
        <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
        ]>
<lolz>&lol9;</lolz>

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

29) Buffer overflow

EUVDB-ID: #VU113156

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-6965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Insufficiently protected credentials

EUVDB-ID: #VU27258

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-5260

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: Yes

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to the Git can be tricked into sending private credentials to a host controlled by an attacker. A remote attacker can send a specially crafted URL to "git clone" that will present stored credentials for any host to a host of their choosing.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

31) Buffer overflow

EUVDB-ID: #VU104802

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49058

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the parse_mf_symlink() function in fs/cifs/link.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU108204

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49788

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qp_notify_peer_local() and qp_notify_peer() functions in drivers/misc/vmw_vmci/vmci_queue_pair.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU104971

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57980

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Resource management error

EUVDB-ID: #VU105071

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58002

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the uvc_v4l2_release() function in drivers/media/usb/uvc/uvc_v4l2.c, within the uvc_ctrl_send_slave_event(), uvc_ctrl_status_event(), uvc_ctrl_commit_entity() and uvc_ctrl_init_device() functions in drivers/media/usb/uvc/uvc_ctrl.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU106647

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21991

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the load_microcode_amd() function in arch/x86/kernel/cpu/microcode/amd.c. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU106956

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_send() function in net/atm/lec.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU108247

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-23150

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the do_split() function in fs/ext4/namei.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU108241

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-37738

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4_xattr_inode_dec_ref_all() function in fs/ext4/xattr.c. A local user can escalate privileges on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Insecure temporary file

EUVDB-ID: #VU101797

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-54661

CWE-ID: CWE-377 - Insecure Temporary File

Exploit availability: No

The vulnerability allows a local user to overwrite arbitrary files on the system.

The vulnerability exists due to usage of a predictable temporary file name in readline.sh. A local user can create a symbolic link from the temporary file to an arbitrary files on the system and overwrite it with the application's output, corrupting the file.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Path traversal

EUVDB-ID: #VU109840

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-47273

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper Encoding or Escaping of Output

EUVDB-ID: #VU102870

Risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50349

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing  attack.

The vulnerability exists due to incorrect handling of control sequences in account names when asking for credentials. A remote attacker can trick the victim into clicking on a specially crafted URL and trick users into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper Encoding or Escaping of Output

EUVDB-ID: #VU102869

Risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52006

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

Exploit availability: No

The vulnerability allows a remote attacker to exfiltrate data.

The vulnerability exists due to newline confusion in credential helpers when interpreting single Carriage Return characters. A remote attacker can gain access to sensitive information.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Protection Mechanism Failure

EUVDB-ID: #VU112642

Risk: High

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-27613

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system. 

Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled. 

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Heap-based buffer overflow

EUVDB-ID: #VU111912

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-48060

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the jv_string_vfmt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU112643

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-27614

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Product UI does not warn user of unsafe actions

EUVDB-ID: #VU112646

Risk: Medium

CVSSv4.0: 4.5 [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-46835

CWE-ID: CWE-356 - Product UI does not Warn User of Unsafe Actions

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing notifications in Git GUI when performing potentially dangerous actions. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) CRLF injection

EUVDB-ID: #VU112637

Risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2025-48384

CWE-ID: CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Exploit availability: Yes

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

48) Input validation error

EUVDB-ID: #VU112638

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-48385

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected client.

The vulnerability exists due to insufficient validation of bundle-uri parameter when cloning a repository. A remote attacker can trick the victim into cloning a specially crafted repository, perform a protocol injection attack and write code to arbitrary locations on the system, leading to remote code execution. 

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Information disclosure

EUVDB-ID: #VU109423

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43420

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Information disclosure

EUVDB-ID: #VU109425

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45332

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Incorrect behavior order

EUVDB-ID: #VU109171

Risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20012

CWE-ID: CWE-696 - Incorrect Behavior Order

Exploit availability: No

The vulnerability allows a local attacker to gain access to sensitive information on the system. The vulnerability exists due to incorrect behavior order. An attacker with physical access can disclose sensitive information on the target system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Information disclosure

EUVDB-ID: #VU109424

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20623

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to shared microarchitectural predictor state that influences transient execution. A local user can gain access to sensitive information.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Missing initialization of resource

EUVDB-ID: #VU109169

Risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-24495

CWE-ID: CWE-909 - Missing initialization of resource

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to incorrect initialization of resource in the branch prediction unit. A local user can gain unauthorized access to sensitive information on the system.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Input validation error

EUVDB-ID: #VU112274

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-52434

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP/2 requests with APR/Native. A remote attacker can send specially crafted HTTP requests to the server and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Resource exhaustion

EUVDB-ID: #VU112276

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-53506

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling excessive HTTP/2 streams. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Cross-site scripting

EUVDB-ID: #VU97689

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6531

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via an anchor element (<a>), when used for carousel navigation with a data-slide attribute. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Integer overflow

EUVDB-ID: #VU111913

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-23337

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in src/jv.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.

Install update from vendor's website.

IBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 13

• cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_13:*:*:*:*:*:*

https://www.ibm.com/support/pages/node/7243011

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.