Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
AnalysisAI
IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-tenant information disclosure vulnerability that allows an authenticated attacker with access to one tenant account to retrieve hostname data belonging to other tenants. The vulnerability has a CVSS score of 5.0 with low attack complexity and requires only user-level privileges, making it a practical risk in multi-tenant deployments. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept code.
Technical ContextAI
The vulnerability is rooted in CWE-1286 (Improper Validation of Syntactic Correctness of Input), which manifests as an authorization bypass in IBM QRadar's multi-tenant architecture. QRadar SIEM (Security Information and Event Management) is an enterprise security analytics platform identified via CPE cpe:2.3:a:ibm:qradar:*:*:*:*:*:*:*:*. The flaw appears in the tenant isolation logic, specifically in data access controls that should segregate hostname information between isolated tenant contexts. An authenticated user with valid credentials to one tenant can exploit insufficient validation checks to retrieve metadata (hostname data) from other tenant namespaces, indicating a failure in tenant-aware authorization enforcement at the API or data retrieval layer.
RemediationAI
Upgrade IBM QRadar SIEM to the patched version specified in IBM support advisory https://www.ibm.com/support/pages/node/7266709 as soon as possible. For deployments that cannot patch immediately, implement the following interim controls: restrict QRadar administrative and API access to a minimal set of trusted users and service accounts; enforce network-level access controls to limit API requests to known legitimate sources; enable audit logging for all tenant data access attempts and monitor for cross-tenant queries; and consider temporarily disabling API access for non-essential integrations. In multi-tenant environments, conduct a data access audit to identify any unauthorized cross-tenant hostname enumeration that may have already occurred.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208850