IBM CVE-2025-13995

EUVD-2025-208850 | MEDIUM
Improper Validation of Syntactic Correctness of Input (CWE-1286)
2026-03-19 ibm
CVSS 3.1: 5.0
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 19, 2026 - 02:30 (euvd), EUVD-2025-208850
Analysis Generated: Mar 19, 2026 - 02:30 (vuln.today)
Patch released: Mar 19, 2026 - 02:30 (nvd), Patch available
CVE Published: Mar 19, 2026 - 01:55 (nvd), MEDIUM 5.0

Description (NVD)

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.

Analysis (AI)

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-tenant information disclosure vulnerability that allows an authenticated attacker with access to one tenant account to retrieve hostname data belonging to other tenants. The vulnerability has a CVSS score of 5.0 with low attack complexity and requires only user-level privileges, making it a practical risk in multi-tenant deployments. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept code.

Technical Context (AI)

The vulnerability is rooted in CWE-1286 (Improper Validation of Syntactic Correctness of Input), which manifests as an authorization bypass in IBM QRadar's multi-tenant architecture. QRadar SIEM (Security Information and Event Management) is an enterprise security analytics platform identified via CPE cpe:2.3:a:ibm:qradar:*:*:*:*:*:*:*:*. The flaw appears in the tenant isolation logic, specifically in data access controls that should segregate hostname information between isolated tenant contexts. An authenticated user with valid credentials to one tenant can exploit insufficient validation checks to retrieve metadata (hostname data) from other tenant namespaces, indicating a failure in tenant-aware authorization enforcement at the API or data retrieval layer.

Remediation (AI)

Upgrade IBM QRadar SIEM to the patched version specified in IBM support advisory https://www.ibm.com/support/pages/node/7266709 as soon as possible. For deployments that cannot patch immediately, implement the following interim controls: restrict QRadar administrative and API access to a minimal set of trusted users and service accounts; enforce network-level access controls to limit API requests to known legitimate sources; enable audit logging for all tenant data access attempts and monitor for cross-tenant queries; and consider temporarily disabling API access for non-essential integrations. In multi-tenant environments, conduct a data access audit to identify any unauthorized cross-tenant hostname enumeration that may have already occurred.