- Description
- IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
- Source
- psirt@us.ibm.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.7
- Impact score
- 4.2
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N
- Severity
- MEDIUM
- psirt@us.ibm.com
- CWE-295
- Hype score
- Not currently trending
Today, I'll share the most important information about the CVE-2025-36041 vulnerability in IBM MQ Service and how to address it. Follow me for more details and future technical posts! 🔗 Github : https://t.co/oCnxOayU5X Exploit : https://t.co/AUhSXNexXt
@byte_reaper
20 Jun 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36041 Unauthorized Key Configuration Vulnerability in IBM MQ Operator Multiple Versions https://t.co/seiNYRiqiq
@VulmonFeeds
15 Jun 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36041 IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0… https://t.co/s4vt9Btgxu
@CVEnew
15 Jun 2025
742 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes