CVE-2025-33121

| EUVD-2025-25647 HIGH
2025-06-19 [email protected]
7.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-25647
CVE Published
Jun 19, 2025 - 18:15 nvd
HIGH 7.1

Tags

XXE IBM Information Disclosure Denial Of Service Qradar Security Information And Event Manager

Description

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Analysis

IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 contain an XML External Entity (XXE) injection vulnerability that allows authenticated remote attackers to extract sensitive information or trigger denial-of-service conditions through memory exhaustion. The vulnerability requires valid credentials (CVSS PR:L) but has a high confidentiality impact (C:H) and affects a critical security infrastructure product. No publicly available evidence of active exploitation or public POCs has been confirmed at this time.

Technical Context

The vulnerability exists in QRadar's XML parsing functionality, which fails to disable external entity processing in its XML parser. This is a classic XXE attack vector (CWE-611: Improper Restriction of XML External Entity Reference) where an attacker can craft malicious XML payloads containing DOCTYPE declarations with SYSTEM or PUBLIC identifiers pointing to local files or external resources. The affected component processes user-supplied XML data without proper input validation or entity resolution restrictions. Affected CPE: cpe:2.3:a:ibm:qradar_siem:7.5:*:*:*:*:*:*:* through cpe:2.3:a:ibm:qradar_siem:7.5.0:up12:*:*:*:*:*:*. This impacts QRadar's core XML parsing libraries, likely in data ingestion, log processing, or API handling components.

Affected Products

QRadar SIEM (7.5.0 through 7.5.0 Update Package 12)

Remediation

1. Upgrade to IBM QRadar SIEM 7.5.0 Update Package 13 or later (specific patch version should be confirmed via IBM Security Bulletin). 2. If immediate patching is unavailable, implement network-level access controls to restrict XML data ingestion to trusted sources only. 3. Review and audit QRadar user access controls; disable unnecessary user accounts with API or data ingestion privileges. 4. Monitor QRadar logs for XML parsing errors or suspicious DOCTYPE declarations in ingested data. 5. Apply input validation rules at the firewall/proxy level to block XML payloads containing SYSTEM, PUBLIC, or ENTITY declarations if possible. 6. Contact IBM Security for the specific patch advisory (likely published via IBM X-Force Exchange or QRadar Security Bulletin system).

Priority Score

36
Low Medium High Critical
KEV: 0
EPSS: +0.2
CVSS: +36
POC: 0

Share

CVE-2025-33121 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy