SB2025122227 - Multiple vulnerabilities in IBM Security QRadar Network Threat Analytics

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025122227

SB2025122227 - Multiple vulnerabilities in IBM Security QRadar Network Threat Analytics

Published: December 22, 2025 Updated: January 4, 2026

Security Bulletin ID SB2025122227
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 20% Medium 40% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper authorization (CVE-ID: CVE-2025-29927)

The vulnerability allows a remote attacker to bypass authorization process. 

The vulnerability exists due to missing authorization checks. A remote attacker can bypass authorization mechanism and compromise the affected application.


2) Missing Origin Validation in WebSockets (CVE-ID: CVE-2025-48068)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing origin validation on the WebSocket interface  if the project uses the App Router. When running next dev, a malicious website can open a WebSocket connection to localhost and access component source code.


3) Input validation error (CVE-ID: CVE-2025-55173)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input within the Image Optimization feature. A remote attacker with control over external image sources can trigger file downloads with arbitrary content and filenames under specific configurations and perform phishing attacks.


4) Use of cache containing sensitive information (CVE-ID: CVE-2025-57752)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper cache management in Image Optimization API. A remote attacker can gain access to sensitive images cached by the application. 


5) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-57822)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when next() is used without explicitly passing the request object. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


Remediation

Install update from vendor's website.

References