
IBM has issued a security bulletin addressing three vulnerabilities in its QRadar SIEM platform, a widely used security information and event management solution. The flaws, ranging from local information disclosure to arbitrary command execution through abuse of the autoupdate mechanism, affect QRadar SIEM versions 7.5 through 7.5.0 UP12 IF01, and one of them carries a critical severity rating. Together they pose serious risks to enterprises relying on QRadar for real-time threat detection and response.
“IBM Security QRadar SIEM is affected by multiple vulnerabilities that could allow unauthorized access to sensitive data or arbitrary command execution,” the advisory notes.
The first vulnerability, CVE-2025-36050, arises from how QRadar handles its log data. The platform was found to store potentially sensitive information in log files, which could be read by local users with filesystem access. The flaw is not remotely exploitable, but it opens the door to internal data leaks if access to the log directories is not tightly controlled, and it gives an attacker who already has a foothold on the appliance an easy route to further secrets. IBM rated this issue at CVSS 6.2, a medium-severity score that reflects the limited reach of a local-only disclosure.
The second vulnerability, CVE-2025-33121, is broader in scope and lies in QRadar’s XML processing logic. IBM confirmed that QRadar SIEM is vulnerable to an XML External Entity (XXE) injection attack, which a remote attacker can exploit by submitting specially crafted XML data. As described in the bulletin, “a remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.” Those are the two classic XXE outcomes: a parser that resolves external entity declarations can be made to read local files or internal resources and splice their contents into the parsed output, and a parser that expands nested entity definitions without limit can be driven into exhausting memory, a denial-of-service condition. IBM assigned a CVSS base score of 7.1 (High) to reflect the elevated risk of a remotely exploitable flaw.
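The two XXE outcomes the bulletin describes, shown side by side with the parser configuration that prevents them. This is an added example written for this article, not IBM or QRadar code, and it makes no claim about how QRadar itself parses XML: it uses Python's standard-library xml.sax parser, a constructed "secret" file in a temporary directory, and constructed attacker payloads.

```python
# Added example for this article (not IBM/QRadar code): the two XXE outcomes
# the bulletin names, and the parser hardening that prevents them, shown with
# Python's standard-library xml.sax. Paths and payloads are constructed.
import io
import os
import tempfile
import xml.sax
from xml.sax import handler


class _TextCollector(handler.ContentHandler):
    """Gathers every run of character data the parser emits."""

    def __init__(self):
        super().__init__()
        self._chunks = []

    def characters(self, content):
        self._chunks.append(content)

    def text(self):
        return "".join(self._chunks)


class _RejectDoctype:
    """Lexical handler that aborts on any DOCTYPE. Without a DTD no entity can
    be declared, so neither a SYSTEM entity nor an expansion bomb is possible."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE declarations are not accepted")

    def endDTD(self): pass
    def comment(self, content): pass
    def startCDATA(self): pass
    def endCDATA(self): pass


def parse_unsafe(document: bytes) -> str:
    """Vulnerable setup: external general entities are resolved, so an entity
    declared SYSTEM "<path>" is read from disk and spliced into the text, and
    internal entities expand without any limit."""
    collector = _TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, True)  # the dangerous switch
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return collector.text()


def parse_hardened(document: bytes) -> str:
    """Hardened setup: external entities stay off (the stdlib default since
    Python 3.7.1) and any DOCTYPE is rejected before an entity can be declared,
    which also removes the entity-expansion denial-of-service vector."""
    collector = _TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setProperty(handler.property_lexical_handler, _RejectDoctype())
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(document))
    return collector.text()


def write_secret(content: str) -> str:
    """Constructed stand-in for a sensitive file (token, credential) that the
    parsing service account can read; returns its path."""
    fd, path = tempfile.mkstemp(prefix="xxe_demo_", suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return path


def xxe_document(path: str) -> bytes:
    """Constructed attacker-supplied XML: an external entity pointing at a
    local file, referenced in the body so its contents land in the output."""
    return (f'<!DOCTYPE report [<!ENTITY xxe SYSTEM "{path}">]>'
            "<report>&xxe;</report>").encode()


def expansion_bomb(levels: int = 4, fanout: int = 10) -> bytes:
    """Constructed 'billion laughs' payload, scaled down so it is safe to run:
    each level references the previous one `fanout` times, so a few hundred
    bytes of XML expand to 3 * fanout ** (levels + 1) characters of text."""
    base = "lol" * fanout
    decls = [f'<!ENTITY lol0 "{base}">']
    for i in range(1, levels + 1):
        refs = f"&lol{i - 1};" * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    dtd = "".join(decls)
    return f"<!DOCTYPE report [{dtd}]><report>&lol{levels};</report>".encode()


def rejects(parse, document: bytes) -> bool:
    """True if `parse` refuses the document with ValueError."""
    try:
        parse(document)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    secret = write_secret("s3cr3t")
    print("unsafe, XXE :", parse_unsafe(xxe_document(secret)))            # s3cr3t
    print("unsafe, bomb:", len(parse_unsafe(expansion_bomb())), "chars")  # 300000
    print("hardened    :", rejects(parse_hardened, xxe_document(secret)),
          rejects(parse_hardened, expansion_bomb()))                     # True True
```

The vulnerable parser turns a 400-byte document into the contents of an arbitrary readable file, or into 300,000 characters of text, which is the "expose sensitive information or consume memory resources" pair from the bulletin. The hardened variant does not try to sanitise the payload; it refuses the DTD outright, which is the portable control in any XML stack (the Java equivalent is the `disallow-doctype-decl` feature). Recent libexpat (2.4 and later) additionally caps entity amplification once expanded output passes a built-in threshold, but that is a backstop, not a substitute for rejecting DTDs in attacker-reachable parsers.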
The most severe vulnerability disclosed is CVE-2025-33117, rated CVSS 9.1 and therefore in the “critical” category. It allows a privileged user to tamper with QRadar’s configuration files and upload a malicious autoupdate file; once that file is processed, it can execute arbitrary commands on the system, effectively handing control of the server to the attacker. The privileged-account prerequisite narrows the pool of direct attackers to insiders and anyone holding compromised administrative credentials, but abuse of the autoupdate mechanism is especially dangerous because it executes under the guise of legitimate update processing and could be used to plant persistent backdoors or deliver destructive payloads that look like routine updates.
To address all three vulnerabilities, IBM has released QRadar 7.5.0 UP12 IF02, which contains the security fixes. No workarounds or mitigations are available, so prompt patching is essential; after updating, administrators should confirm that every QRadar host actually reports the UP12 IF02 fix level, and, given the privileged-user prerequisite of CVE-2025-33117, review who holds administrative access to the platform in the meantime.