Security updates: IBM App Connect Enterprise Container and MQ are vulnerable
Important security updates have been released for IBM App Connect Enterprise Container and MQ. Attackers can paralyze servers, among other things.
Attackers can use several vulnerabilities in IBM App Connect Enterprise Container and MQ to attack systems. So far, there have been no reports of attacks. However, admins should not wait too long and should install the security updates promptly to protect their instances from possible attacks.
DoS attacks conceivable
IBM's App Connect Enterprise Container, integration software for merging business information from different applications, can be attacked via several DoS vulnerabilities (CVE-2025-47935 “high”, CVE-2025-47944 “high”, CVE-2025-48997 “high”). The vulnerabilities affect the Node.js middleware Multer. Attackers can target it with crafted multipart upload requests, among other things. Processing the requests leads to a crash.
Attackers can also exploit another vulnerability (CVE-2025-48387 “high”) to gain write access in a specific context. The developers state in a security advisory that the following versions of IBM App Connect Enterprise Container are secured against this:
- 12.12.0
- 12.0 LTS
Further threats
IBM's middleware software MQ is vulnerable to attack via several vulnerabilities classified as “medium” threat level. For example, attackers can carry out DoS attacks in unspecified ways (CVE-2025-3631, CVE-2025-3631) or bypass authentication due to errors in the verification of certificates (CVE-2025-33181). Versions 9.3.0.30, 9.4.0.12 and 9.4.3 are protected against the attacks described.
(des)