Security gaps threaten IBM's Concert and QRadar SIEM security solutions
Attackers can exploit several vulnerabilities in IBM Concert and QRadar SIEM. Patches are available.
Although IBM Concert and QRadar SIEM are intended to protect systems from attacks, they can now themselves serve as attack vectors due to several software vulnerabilities. So far, there are no reports of ongoing attacks. However, administrators should not delay the installation of security updates.
Attacks may be imminent
According to two alerts, QRadar SIEM is affected by a total of three security vulnerabilities (CVE-2025-36007 “high,” CVE-2025-36170 “medium,” CVE-2025-36138 “medium”). If attacks are successful, attackers can gain higher user privileges or embed malicious code in the Web UI to access credentials. However, they must already be authenticated for the latter.
The developers state that versions 7.5 up to and including 7.5.0 UP13 IF02 are affected. They assure that the vulnerabilities have been fixed in QRadar 7.5.0 UP14.
According to an alert from the developers, IBM Concert is affected by 15 security vulnerabilities. Three of these are classified as “critical” (CVE-2025-7783, CVE-2025-9288, CVE-2024-33531). If attackers successfully exploit these, they can manipulate data, among other things. How attacks could proceed is currently unknown.
The remaining vulnerabilities allow for DoS conditions, among other things. Furthermore, attackers can gain unauthorized access to data and bypass security checks. According to the developers, Concert versions 1.0.0 up to and including 2.0.0 are impacted. IBM Concert Software 2.1.0 is secured against the described attacks. It is currently unknown how administrators can identify already-attacked computers.
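The version ranges given above for both products can be applied to an asset inventory. The following Python is an added example, not code from IBM or from this article; the version-string format (`7.5.0 UP13 IF02`) is taken from the text, while the function names, the inventory entries and the treatment of releases newer than the named fixed release as fixed are assumptions.

```python
import re

# Version ranges exactly as stated in the article.
QRADAR_AFFECTED = ((7, 5, 0, 0, 0), (7, 5, 0, 13, 2))   # 7.5 .. 7.5.0 UP13 IF02
QRADAR_FIXED = (7, 5, 0, 14, 0)                          # 7.5.0 UP14
CONCERT_AFFECTED = ((1, 0, 0), (2, 0, 0))                # 1.0.0 .. 2.0.0
CONCERT_FIXED = (2, 1, 0)                                # 2.1.0

_QRADAR_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\s+UP(\d+))?(?:\s+IF(\d+))?", re.I)
_CONCERT_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(product, version):
    """Turn a version string into a comparable tuple of integers."""
    pattern = {"qradar": _QRADAR_RE, "concert": _CONCERT_RE}[product]
    match = pattern.fullmatch(version.strip())
    if match is None:
        raise ValueError(f"unrecognised {product} version: {version!r}")
    # Missing patch / UP / IF components compare as 0 (e.g. "7.5" == 7.5.0 GA).
    return tuple(int(group or 0) for group in match.groups())


def triage(product, version):
    """Return 'affected', 'fixed' or 'unlisted' for one installed version."""
    (first, last), fixed = {
        "qradar": (QRADAR_AFFECTED, QRADAR_FIXED),
        "concert": (CONCERT_AFFECTED, CONCERT_FIXED),
    }[product]
    parsed = parse_version(product, version)
    if first <= parsed <= last:
        return "affected"
    if parsed >= fixed:
        # Assumption: releases newer than the named fixed release keep the fix.
        return "fixed"
    # Older than the stated range, or between last-affected and fixed:
    # the article makes no statement, so flag it for manual review.
    return "unlisted"


# Constructed inventory for illustration (hostnames are made up).
INVENTORY = [
    ("siem-01", "qradar", "7.5.0 UP13 IF02"),
    ("siem-02", "qradar", "7.5.0 UP14"),
    ("siem-03", "qradar", "7.5.0 UP9"),
    ("concert-01", "concert", "2.0.0"),
    ("concert-02", "concert", "2.1.0"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:<11} {product:<8} {version:<16} {triage(product, version)}")
```

Versions that fall in neither the stated affected range nor at or above the fixed release come back as `unlisted` and should be checked against IBM's alerts directly.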
(des)