cve-2025-3631
Vulnerability from cvelistv5
Published
2025-07-11 18:37
Modified
2025-07-11 18:52
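Severity: CVSS 3.1 base score 6.5 (MEDIUM) from the IBM CNA, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The NVD entry embedded in this record scores it 7.5 (HIGH) with CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; the two differ only in privileges required (PR:L versus PR:N).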
EPSS score ?
Summary
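IBM MQ denial of service: an IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it (CWE-416, Use After Free).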
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7237025 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7238310 | Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| IBM | MQ |
| IBM | MQ Appliance |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-3631", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-11T18:51:57.975695Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-11T18:52:08.264Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "9.3.5.1 CD", "status": "affected", "version": "9.3.2.0 CD", "versionType": "semver" }, { "lessThanOrEqual": "9.4.2.1 CD", "status": "affected", "version": "9.4.0.0", "versionType": "semver" }, { "lessThanOrEqual": "9.4.0.11 LTS", "status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*" ], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [ { "lessThanOrEqual": "9.3.5.2 CD", "status": "affected", "version": "9.3.2.0 CD", "versionType": "semver" }, { "lessThanOrEqual": "9.4.0.11 LTS", "status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver" }, { "lessThanOrEqual": 
"9.4.2.1 CD", "status": "affected", "version": "9.4.1.0 CD", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it." } ], "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-11T18:37:38.769Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7238310" }, { "tags": [ "vendor-advisory" ], "url": "https://www.ibm.com/support/pages/node/7237025" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue was addressed under known issue DT435291 .\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.4 LTS\u003cbr\u003e\u003cbr\u003eApply fix pack 9.4.0.12\u003cbr\u003e\u003cbr\u003eIBM MQ version 9.3 CD and 9.4 CD\u003cbr\u003e\u003cbr\u003eUpgrade to IBM MQ version 9.4.3\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.3 
CD\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003cdiv\u003e\u003cdiv\u003eIBM MQ Appliance version 9.4 LTS\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\u003c/div\u003e\u0026nbsp;\u003cdiv\u003eIBM MQ Appliance version 9.4 CD\u003c/div\u003e\u003cdiv\u003eApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e" } ], "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "IBM MQ denial of service", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2025-3631", "datePublished": "2025-07-11T18:37:38.769Z", "dateReserved": "2025-04-15T09:48:13.276Z", "dateUpdated": "2025-07-11T18:52:08.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-3631\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2025-07-11T19:15:23.433\",\"lastModified\":\"2025-07-23T19:08:03.073\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.\"},{\"lang\":\"es\",\"value\":\"Un cliente de IBM MQ 9.3 y 9.4 que se conecta a un gestor de colas de MQ puede provocar un SIGSEGV en el proceso del canal AMQRMPPA que lo 
finalice.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*\",\"versionStartIncluding\":\"9.3.2\",\"versionEndIncluding\":\"9.3.5.2\",\"matchCriteriaId\":\"BA8A634C-E4C9-4323-92F7-600578B7762D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"9.4.0.0\",\"versionEndExcluding\":\"9.4.0.12\",\"matchCriteriaId\":\"E7911CD0-3FAA-4639-8150-BFC28A615F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*\",\"versionStartIncluding\":\"9.4.0.0\",\"versionEndExcluding\":\"9.4.3\",\"matchCriteriaId\":\"F5AD9525-FE94-4672-8F7E-66C69C1BE460\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:
*\",\"versionStartIncluding\":\"9.4.1.0\",\"versionEndExcluding\":\"9.4.3.0\",\"matchCriteriaId\":\"E1142B22-8707-4DE4-AFFD-F6CC735459A8\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7237025\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ibm.com/support/pages/node/7238310\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.