How to fix EUVD-2025-16758?

Within 24 hours: Inventory all QRadar Suite (1.10.12.0-1.11.2.0) and Cloud Pak for Security (1.10.0.0-1.10.11.0) instances and restrict network access to these systems to authorized users only. Within 7 days: Implement Web Application Firewall (WAF) rules to block requests attempting to access configuration file endpoints, rotate all credentials stored in QRadar configurations, and enable comprehensive logging of access attempts. Within 30 days: Contact IBM for patched versions or upgrade roadmap; consider temporary isolation of affected systems if running in production; conduct forensic review of access logs for evidence of prior exploitation.

Is Cloud Pak For Security affected by EUVD-2025-16758?

IBM QRadar Suite and Cloud Pak for Security deployments are vulnerable to unauthorized disclosure of sensitive configuration data by unauthenticated users, potentially exposing credentials, API keys, and system architecture details.

EUVD-2025-16758

| CVE-2025-25022 CRITICAL

2025-06-03 [email protected]

9.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16758

CVE Published

Jun 03, 2025 - 16:15 nvd

CRITICAL 9.6

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.

Analysis

Credential exposure in IBM QRadar Suite 1.10.12.0-1.11.2.0.

Technical Context

CWE-260.

Affected Products

['IBM QRadar Suite 1.10.12-1.11.2']

Remediation

Apply IBM fix.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +48

POC: 0

EUVD-2025-16758 vulnerability details – vuln.today

Back

EUVD-2025-16758

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-16758

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code