IBM MQ denial of service_CVE-2025-36128

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Basic Information

ID CVE-2025-36128

Source ibm

Published Oct 16, 2025 at 16:49

Affected Product

Vendor IBM

Product MQ

Version 9.1

Affected Versions IBM MQ 9.1
IBM MQ 9.2
IBM MQ 9.3
IBM MQ 9.4
IBM MQ 9.3
IBM MQ 9.4

CWE Classification

CWE-772

References

www.ibm.com /support/pages/node/7244480

{
    "lastseen": "",
    "description": "IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.",
    "published": "2025-10-16T16:49:26.251Z",
    "modified": "2025-10-16T16:49:26.251Z",
    "type": "cve",
    "title": "IBM MQ denial of service",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7244480",
    "id": "CVE-2025-36128",
    "bulletinFamily": "",
    "cwe": [
        "CWE-772"
    ],
    "cvelist": null,
    "sourceData": "IBM MQ 9.1\nIBM MQ 9.2\nIBM MQ 9.3\nIBM MQ 9.4\nIBM MQ 9.3\nIBM MQ 9.4",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MQ",
    "version": "9.1",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}