CVE-2025-33117 | THREATINT

Description

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-19 | Updated 2026-02-26 | Assigner ibm

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-73 External Control of File Name or Path

Product status

Default status

unaffected

7.5 (semver)

affected

Credits

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak finder

References

www.ibm.com/support/pages/node/7237317 vendor-advisory patch

cve.org (CVE-2025-33117)

nvd.nist.gov (CVE-2025-33117)

Download JSON