CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Description
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality.
Analysis
IBM QRadar SIEM contains a reflected or stored cross-site scripting (XSS) vulnerability in the Web UI that allows authenticated users to inject arbitrary JavaScript code, potentially altering system functionality and compromising the integrity of security monitoring. The vulnerability affects QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14. An attacker with valid credentials can craft malicious payloads to execute client-side code in the context of other users' sessions, leading to session hijacking, credential theft, or unauthorized configuration changes. A patch is available from IBM, and this vulnerability is not currently listed in CISA's KEV catalog, suggesting limited evidence of active exploitation in the wild at this time.
Technical Context
This vulnerability is rooted in CWE-79 (Improper Neutralization of Input During Web Page Generation), a foundational web application security flaw where user-supplied input is not properly sanitized or encoded before being rendered in HTML or JavaScript contexts. IBM QRadar SIEM (cpe:2.3:a:ibm:qradar_siem) is a Security Information and Event Management (SIEM) platform that aggregates and analyzes security logs and events. The Web UI component fails to perform adequate input validation and output encoding on user-controlled parameters, allowing attackers to bypass client-side or server-side filtering mechanisms. The CVSS vector indicates that exploitation requires network access (AV:N), has low attack complexity (AC:L), requires low privileges (PR:L), and necessitates user interaction (UI:R), with a changed scope (S:C), meaning an authenticated attacker can trigger code execution that affects resources beyond their original security scope.
Affected Products
IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 are affected by this XSS vulnerability. The affected product is identified via CPE cpe:2.3:a:ibm:qradar_siem. IBM has published a security advisory and patch information at https://www.ibm.com/support/pages/node/7266709 (referenced as [cveorg]), which provides detailed version information and update guidance. Organizations running QRadar SIEM 7.5.0 with any update package through Update Package 14 should immediately verify their installed version and apply the available patch.
Remediation
Upgrade IBM QRadar SIEM to the patched version released by IBM; consult the vendor advisory at https://www.ibm.com/support/pages/node/7266709 for the specific update package version that resolves CVE-2025-15051. If immediate patching is not feasible due to change control procedures, implement compensating controls: restrict Web UI access to trusted internal networks only, disable remote access to the QRadar console, enforce multi-factor authentication for all QRadar administrative accounts, and monitor logs for suspicious JavaScript injection attempts in Web UI parameters. Additionally, review access control lists to ensure only authorized personnel have credentials to access the QRadar Web UI; because exploitation requires only low privileges (PR:L), fewer accounts means a smaller attack surface.
EUVD-2025-208852