VDB
CVE-2025-36138
CVE-2025-36138
PUBLISHED
CVSS 6.400000095367432 MEDIUM
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
EPSS 0.02% · 6.1th percentile
Risk Scores
CVSS v3.1
6.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS Score
0.02%
6.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ibm | qradar_security_information_and_event_manager | 7.5.0, 7.5.0, 7.5.0 |
| IBM | QRadar SIEM | 7.5.0 |
| ibm | qradar_siem | 7.5.0 |
Timeline
- Oct 27, 2025 CVE Published
- Oct 27, 2025 CVE Updated
- Oct 28, 2025 EPSS Score
- Nov 3, 2025 EPSS Score
- Nov 8, 2025 EPSS Score
- Nov 14, 2025 EPSS Score
- Nov 19, 2025 EPSS Score
- Nov 25, 2025 EPSS Score
- Dec 1, 2025 EPSS Score
- Dec 6, 2025 EPSS Score
- Dec 12, 2025 EPSS Score
- Dec 18, 2025 EPSS Score
References
- https://www.ibm.com/support/pages/node/7249278 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-36138 advisory