
Summary
QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update.

Vulnerability Details

CVEID: CVE-2025-25019
DESCRIPTION: IBM QRadar SIEM does not invalidate the session after a logout, which could allow a user to impersonate another user on the system.
CWE: CWE-613: Insufficient Session Expiration
CVSS Source: IBM
CVSS Base score: 4.8
CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2025-25022
DESCRIPTION: IBM QRadar SIEM could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CWE: CWE-260: Password in Configuration File
CVSS Source: IBM
CVSS Base score: 9.6
CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2025-25021
DESCRIPTION: IBM QRadar SIEM could allow a privileged user to execute code in case management script creation due to the improper generation of code.
CWE: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS Source: IBM
CVSS Base score: 7.2
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2025-1334
DESCRIPTION: IBM QRadar Suite allows web pages to be stored locally, which can be read by another user on the system.
CWE: CWE-525: Use of Web Browser Cache Containing Sensitive Information
CVSS Source: IBM
CVSS Base score: 4
CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2025-25020
DESCRIPTION: IBM QRadar SIEM could allow an authenticated user to cause a denial of…