IBM QRadar SIEM Bug Lets Attackers Run Arbitrary Commands
IBM has issued a critical security update for its QRadar SIEM platform after researchers uncovered multiple vulnerabilities, including a severe flaw that allows privileged users to execute arbitrary commands on affected systems.
The vulnerabilities, disclosed in a security bulletin published on June 19, 2025, could enable attackers to compromise sensitive data, disrupt operations, or gain unauthorized access to protected resources if left unpatched.
Multiple Vulnerabilities Detailed
The IBM Security QRadar SIEM platform, widely used by enterprises for security monitoring and incident response, was found to contain several vulnerabilities of varying severity.
According to IBM, these flaws impact QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 IF01 and have been addressed in the latest interim fix (UP12 IF02).
Below is a summary of the key vulnerabilities:
| CVE ID | Description | CVSS Score |
|---|---|---|
| CVE-2025-36050 | Sensitive information stored in log files could be read by a local user. | 6.2 |
| CVE-2025-33121 | Vulnerable to XML External Entity (XXE) injection, allowing remote attackers to expose sensitive data or exhaust memory. | 7.1 |
| CVE-2025-33117 | Privileged user can modify config files to upload a malicious autoupdate file, leading to arbitrary command execution. | 9.1 |
CVE-2025-33117 is the most critical of the group, with a CVSS score of 9.1. This flaw allows a privileged user to alter configuration files and upload a malicious autoupdate file, which can then execute arbitrary commands on the QRadar SIEM system.
Such an exploit could provide attackers with a foothold to further compromise the network or exfiltrate sensitive data.
Security experts note that these vulnerabilities are part of a broader pattern affecting IBM’s QRadar Suite and related platforms.
Other recent CVEs, such as CVE-2025-25022 and CVE-2025-25021, enable attackers to access sensitive configuration files or execute code via improper script handling, further highlighting the need for urgent patching.
IBM has not provided any workarounds or mitigations for these vulnerabilities. Customers are strongly urged to update their QRadar SIEM installations to version 7.5.0 UP12 IF02 or later to protect against potential exploitation.
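The affected range ("7.5 through 7.5.0 Update Package 12 IF01") and the fix level (UP12 IF02) are the two facts a defender needs to turn this bulletin into a patch-triage check across a fleet. The script below is an added example, not IBM's tooling or anything from the bulletin: it parses version strings written in the notation the bulletin uses, decides whether an installed build falls inside the affected range, and lists the bulletin's CVEs by CVSS score for hosts that still need the interim fix. The version-string format, the function names and the inventory are assumptions made for the example; a real QRadar build string may be formatted differently, so adapt the parser before relying on it.

```python
import re
from typing import List, Tuple

# Assumed version notation, modelled on how the bulletin writes it
# ("7.5.0 UP12 IF01" / "7.5.0 Update Package 12 IF01"). This is a
# hypothetical helper for the example, not IBM's own version parser.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?"                 # major.minor[.patch]
    r"(?:\s+(?:UP|Update\s+Package)\s*(\d+))?"      # optional update package
    r"(?:\s+IF\s*(\d+))?\s*$",                      # optional interim fix
    re.IGNORECASE,
)

Version = Tuple[int, int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn '7.5.0 UP12 IF01' into a comparable tuple (7, 5, 0, 12, 1).

    Components that are absent (e.g. plain '7.5') are treated as 0, so
    tuples compare correctly across the whole 7.5.x line.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised QRadar version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())  # type: ignore[return-value]


# Affected range and fix level as stated in the bulletin summary.
AFFECTED_MIN: Version = parse_version("7.5")
AFFECTED_MAX: Version = parse_version("7.5.0 UP12 IF01")
FIXED: Version = parse_version("7.5.0 UP12 IF02")

# CVE summary from the bulletin table (scores as the page reports them).
BULLETIN_CVES: List[Tuple[str, float, str]] = [
    ("CVE-2025-36050", 6.2, "sensitive information in log files readable by a local user"),
    ("CVE-2025-33121", 7.1, "XML External Entity (XXE) injection"),
    ("CVE-2025-33117", 9.1, "privileged user uploads malicious autoupdate file -> arbitrary command execution"),
]


def is_affected(installed: str) -> bool:
    """True when the installed build lies within the bulletin's affected range."""
    v = parse_version(installed)
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def triage(installed: str) -> Tuple[bool, List[Tuple[str, float, str]]]:
    """Return (needs_patch, applicable CVEs ordered by CVSS, highest first)."""
    if not is_affected(installed):
        return False, []
    return True, sorted(BULLETIN_CVES, key=lambda c: c[1], reverse=True)


if __name__ == "__main__":
    # Constructed inventory for the example; hostnames and builds are made up.
    inventory = {
        "qradar-console-01": "7.5.0 UP12 IF01",
        "qradar-ep-02": "7.5.0 Update Package 10",
        "qradar-lab-03": "7.5.0 UP12 IF02",
    }
    for host, build in inventory.items():
        needs_patch, cves = triage(build)
        status = "PATCH NEEDED" if needs_patch else "ok"
        print(f"{host:20} {build:30} {status}")
        for cve_id, score, summary in cves:
            print(f"    {cve_id}  CVSS {score}  {summary}")
```

Because the comparison is tuple-based, a host reporting a build between two bulletin-named levels (for example UP11 with no interim fix) is still flagged as affected, which is the conservative answer a patch-management workflow wants.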
The discovery of these vulnerabilities, especially the arbitrary command execution bug, underscores the importance of regular security updates and prompt patch management for enterprise security infrastructure.
Organizations using IBM QRadar SIEM should prioritize applying the latest fixes to prevent attackers from leveraging these critical flaws.