IBM QRadar SIEM: SSH sessions can be compromised
Important security updates for IBM App Connect Enterprise and QRadar SIEM have been released.
IBM's IT security solution poses a risk to PCs and networks due to several software vulnerabilities. Attacks on App Connect Enterprise are also possible.
Various Dangers
If attackers exploit multiple security vulnerabilities in QRadar SIEM, they can view configuration files, among other things (CVE-2025-36051 “medium”), according to a warning notice. In another post, the developers warn of vulnerabilities in several components used by the security solution.
If attackers successfully exploit these vulnerabilities, memory errors can occur, for example in the context of the Linux kernel. This is usually followed by crashes. However, malicious code can often also enter systems and compromise them (e.g., CVE-2025-40135 “high”).
If attackers exploit a vulnerability (CVE-2025-5372 “high”) in OpenSSL, they can gain control over SSH sessions. The warning notices provide no indication that attackers are already exploiting the vulnerabilities. However, this can change quickly, so administrators should ensure that IBM QRadar SIEM version 7.5.0 UP15, which is protected against the described attacks, is installed.
According to a warning notice, App Connect Enterprise is affected by a total of three vulnerabilities. One of these vulnerabilities is rated “critical” (CVE-2026-25896). Attackers can execute an XSS attack in the context of XML processing. Here too, there are currently no indications of ongoing attacks.
The developers state that the security issues have been resolved in IBM App Connect Enterprise v13 - Fix Pack Release 13.0.6.2 and v12 - Fix Pack Release 12.0.12.24.
(des)