CVE-2025-33121 | THREATINT

Description

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-19 | Updated 2025-08-24 | Assigner ibm

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Problem types

CWE-611 Improper Restriction of XML External Entity Reference

Product status

Default status

unaffected

7.5 (semver)

affected

Credits

John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak finder

References

www.ibm.com/support/pages/node/7237317 vendor-advisory patch

cve.org (CVE-2025-33121)

nvd.nist.gov (CVE-2025-33121)

Download JSON