Analysis Summary

CVE-2025-36041 CVSS:4.7

IBM MQ Operator LTS, MQ Operator CD, and MQ Operator SC2 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

CVE-2025-1411 CVSS:7.8

IBM Security Verify Directory Container could allow a local user to execute commands as root due to execution with unnecessary privileges.

CVE-2025-0923 CVSS:5.3

IBM Cognos Analytics stores source code on the web server, which could aid in further attacks against the system.

CVE-2025-25032 CVSS:7.5

IBM Cognos Analytics could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.

CVE-2025-0917 CVSS:5.5

IBM Cognos Analytics is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2025-3473 CVSS:6.7

IBM Security Guardium could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.

Impact

• Information Disclosure
• Denial of Service
• Cross-Site Scripting
• Privilege Escalation
• Code Execution

Indicators of Compromise

CVE

• CVE-2025-36041

• CVE-2025-1411

• CVE-2025-0923

• CVE-2025-0917

• CVE-2025-25032

• CVE-2025-3473

Affected Vendors

Remediation

Refer to the IBM Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2025-36041

CVE-2025-1411

CVE-2025-0923

CVE-2025-0917

CVE-2025-25032

CVE-2025-3473