Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2025-27365) |
|---|---|
| Type | ibm |
| Published | 2025-05-02T20:15:18 |
| Last Seen | 2025-05-02T18:56:39 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-27365 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
IBM MQ has addressed a denial of service vulnerability.
## Vulnerability Details
**CVEID:** CVE-2025-27365
**DESCRIPTION:** An IBM MQ client connecting to an IBM MQ queue manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it.
**CWE:** CWE-416: Use After Free
**CVSS Source:** IBM
**CVSS Base score:** 6.5
**CVSS Vector:** (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
## Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM MQ | 9.3.3 to 9.3.5 CD |
| IBM MQ | 9.4.0.0 to 9.4.0.10 LTS |
| IBM MQ | 9.4.0.0 to 9.4.2 CD |
The following installable MQ components are affected by the vulnerability:
- Server

If you are running any of these listed components, please apply the remediation/fixes as described below. For more information on the definitions of components used in this list, see https://www.ibm.com/support/pages/installable-component-names-used-ibm-mq-security-bulletins
## Remediation/Fixes
This issue was addressed under APAR IT47591.
IBM MQ version 9.4 LTS
Apply cumulative security update 9.4.0.11
IBM MQ version 9.3 CD and 9.4 CD
Upgrade to IBM MQ version 9.4.2.1
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |