EUVD-2025-208850

CVE-2025-13995 | MEDIUM 5.0 (CVSS 3.1) | 2026-03-19 | ibm

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Mar 19, 2026 - 02:30 (vuln.today)
EUVD ID Assigned: Mar 19, 2026 - 02:30 (euvd), EUVD-2025-208850
Patch Released: Mar 19, 2026 - 02:30 (nvd), Patch available
CVE Published: Mar 19, 2026 - 01:55 (nvd), MEDIUM 5.0

Description

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.

Analysis

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 contain a cross-tenant information disclosure vulnerability that allows an authenticated attacker with access to one tenant account to retrieve hostname data belonging to other tenants. The vulnerability has a CVSS score of 5.0 with low attack complexity and requires only user-level privileges, making it a practical risk in multi-tenant deployments. A patch is available from IBM, and there is no indication of active exploitation in the wild or public proof-of-concept code.

Technical Context

The vulnerability is rooted in CWE-1286 (Improper Validation of Syntactic Correctness of Input), which manifests as an authorization bypass in IBM QRadar's multi-tenant architecture. QRadar SIEM (Security Information and Event Management) is an enterprise security analytics platform identified via CPE cpe:2.3:a:ibm:qradar:*:*:*:*:*:*:*:*. The flaw appears in the tenant isolation logic, specifically in data access controls that should segregate hostname information between isolated tenant contexts. An authenticated user with valid credentials to one tenant can exploit insufficient validation checks to retrieve metadata (hostname data) from other tenant namespaces, indicating a failure in tenant-aware authorization enforcement at the API or data retrieval layer.

Affected Products

IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14 are affected, as confirmed via CPE cpe:2.3:a:ibm:qradar:*:*:*:*:*:*:*:*. The vulnerability is specific to this update range within the 7.5.0 release branch. Patches are available from IBM; refer to the official security advisory at https://www.ibm.com/support/pages/node/7266709 for the exact patch version and upgrade path. Users on QRadar versions prior to 7.5.0 or later versions beyond Update Package 14 in the 7.5.0 line should verify their specific patch status against the IBM support documentation.

Remediation

Upgrade IBM QRadar SIEM to the patched version specified in IBM support advisory https://www.ibm.com/support/pages/node/7266709 as soon as possible. For deployments that cannot patch immediately, implement the following interim controls: restrict QRadar administrative and API access to a minimal set of trusted users and service accounts; enforce network-level access controls to limit API requests to known legitimate sources; enable audit logging for all tenant data access attempts and monitor for cross-tenant queries; and consider temporarily disabling API access for non-essential integrations. In multi-tenant environments, conduct a data access audit to identify any unauthorized cross-tenant hostname enumeration that may have already occurred.

Priority Score

25 (on a Low / Medium / High / Critical scale)
KEV: 0
EPSS: +0.0
CVSS: +25
POC: 0
