CVE-2025-36170 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-36170 PUBLISHED CVSS 6.400000095367432 MEDIUM

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

EPSS 0.02% · 4.0th percentile

Risk Scores

CVSS v3.1

6.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS Score

0.02%

4.0th percentile

Affected Products

Vendor	Product	Versions
ibm	qradar_siem	7.5.0
IBM	QRadar SIEM	7.5.0
ibm	qradar_security_information_and_event_manager	7.5.0, 7.5.0, 7.5.0

Timeline

Oct 27, 2025 CVE Published
Oct 27, 2025 CVE Updated
Oct 28, 2025 EPSS Score
Nov 2, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 17, 2025 EPSS Score
Nov 23, 2025 EPSS Score
Nov 28, 2025 EPSS Score
Dec 3, 2025 EPSS Score
Dec 8, 2025 EPSS Score
Dec 13, 2025 EPSS Score

References

https://www.ibm.com/support/pages/node/7249278 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-36170 advisory

Open in Interactive Console →