Tuesday, March 17, 2026

Critical IBM QRadar SIEM Vulnerabilities Enable Remote Command Execution

IBM has disclosed multiple critical security vulnerabilities in its QRadar Security Information and Event Management (SIEM) platform that could enable attackers to gain unauthorized access to sensitive data and execute arbitrary commands on affected systems.

The vulnerabilities, published on June 19, 2025, affect QRadar SIEM versions 7.5 through 7.5.0 UP12 IF01, with the most severe vulnerability receiving a CVSS score of 9.1 out of 10.

Organizations using these versions are urged to apply the available security patches immediately to prevent potential exploitation.

The most concerning vulnerability, tracked as CVE-2025-33117, poses an extreme risk to organizations worldwide.

This vulnerability allows privileged users to modify configuration files, potentially enabling the upload of malicious autoupdate files that can execute arbitrary commands with system-level privileges.

The vulnerability carries a critical severity rating with a CVSS score of 9.1, indicating its potential for widespread damage across enterprise networks.

The attack requires network access and high privileges, but its CVSS attack complexity is rated low, so there are no further barriers to exploitation once those conditions are met.

Once compromised, attackers gain complete control over the confidentiality, integrity, and availability of the affected system, and because the CVSS scope is rated as changed, the impact can extend beyond the vulnerable component to other connected systems.

This particular vulnerability falls under the CWE-73 category, representing external control of file names or paths, a weakness that can lead to complete system compromise.

IBM QRadar SIEM Vulnerabilities

Beyond the critical command execution vulnerability, IBM QRadar faces two additional vulnerabilities that create multiple pathways for potential attacks.

CVE-2025-33121 exposes the system to XML External Entity (XXE) injection attacks, scoring 7.1 on the CVSS scale.

This vulnerability allows remote attackers with low-level privileges to exploit XML processing functions, potentially exposing sensitive information or consuming critical memory resources that could lead to system instability.

The XXE vulnerability requires network access and low privileges, making it more accessible to a broader range of attackers compared to the critical configuration file vulnerability.

Successful exploitation can result in high confidentiality impact and low availability impact, as attackers can extract sensitive data while potentially degrading system performance through resource exhaustion.
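The two XXE outcomes described above, information exposure through external entities and memory exhaustion through entity expansion, share one root cause: the parser honours a DTD supplied by the sender. The standard mitigation is to refuse any document that carries a DOCTYPE at all. The following Python is an added illustration of that check and is not code from IBM or from QRadar; it uses only the standard library, and the two XML records are constructed samples, not data from the advisory.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DOCTYPE and must not be parsed."""


def _reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
    # Expat fires this handler at the *start* of the DOCTYPE, before any
    # entity inside it is declared or expanded, so raising here aborts the
    # parse before either external resolution or recursive expansion happens.
    raise UnsafeXMLError(
        f"DOCTYPE {doctype_name!r} rejected (system={system_id!r}, "
        f"internal_subset={bool(has_internal_subset)})"
    )


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any document with a DTD.

    Without a DTD the document can declare neither external entities (the
    data-exposure path) nor nested internal entities (the memory-exhaustion
    path). A probe parser performs the check so it works for any encoding
    the XML declaration names, unlike a byte-string search for "<!DOCTYPE".
    """
    probe = expat.ParserCreate()
    probe.StartDoctypeDeclHandler = _reject_doctype
    probe.Parse(data, True)  # raises UnsafeXMLError on a DTD, ExpatError if malformed
    return ET.fromstring(data)


def is_safe_xml(data: bytes) -> bool:
    """True if the document parses without a DTD, False if it is rejected."""
    try:
        parse_untrusted_xml(data)
    except (UnsafeXMLError, expat.ExpatError, ET.ParseError):
        return False
    return True


# Constructed sample inputs (not from the advisory): a plain event record and
# the same record prefixed with a DTD that declares an internal entity.
SAFE_EVENT = b"<event><source>fw-01</source><msg>login ok</msg></event>"
DTD_EVENT = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE event [<!ENTITY greeting "hello">]>'
    b"<event><source>fw-01</source><msg>&greeting;</msg></event>"
)

if __name__ == "__main__":
    print("safe event source:", parse_untrusted_xml(SAFE_EVENT).findtext("source"))
    print("DTD event accepted?", is_safe_xml(DTD_EVENT))
```

Rejecting every DTD is deliberately stricter than disabling external entity resolution alone: a document that only declares harmless internal entities is also refused, which is the right trade-off for input an unprivileged network user can submit, since nothing legitimate a SIEM ingests needs to ship its own DTD.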

The third vulnerability, CVE-2025-36050, presents a moderate risk with a CVSS score of 6.2.

This vulnerability involves the improper storage of sensitive information in log files, making confidential data accessible to local users.

While requiring local access, this vulnerability can serve as a stepping stone for privilege escalation or data exfiltration in multi-user environments.

Organizations must prioritize the security update due to the critical nature of the vulnerabilities and their potential impact on security infrastructure.

Immediate Updates

IBM has released QRadar 7.5.0 UP12 IF02 as the comprehensive fix for all three vulnerabilities affecting the QRadar SIEM platform.
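Because the affected range is expressed as "7.5 through 7.5.0 UP12 IF01" and the fix as "7.5.0 UP12 IF02", checking an inventory means comparing update-package and interim-fix numbers, not just the dotted version. The Python below is an added example, not IBM tooling, that parses those strings and triages a host list; it assumes the version format `<major>.<minor>[.<patch>] [UP<n>] [IF<n>]` seen on this page and assumes that later UP/IF numbers keep the fix, which is how cumulative updates normally behave but is not stated here. The inventory is a constructed sample.

```python
import re
from typing import Dict, NamedTuple


class QRadarVersion(NamedTuple):
    """Components of a QRadar version string such as '7.5.0 UP12 IF01'."""
    major: int
    minor: int
    patch: int
    update: int   # "UPnn" update package, 0 if absent
    interim: int  # "IFnn" interim fix, 0 if absent


# Assumed format of the version strings quoted in the advisory:
# "<major>.<minor>[.<patch>] [UP<n>] [IF<n>]". Missing parts count as 0, so
# plain "7.5" (the low end of the affected range) sorts below every UP/IF build.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s+UP(\d+))?(?:\s+IF(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> QRadarVersion:
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised QRadar version string: {text!r}")
    return QRadarVersion(*(int(g) if g else 0 for g in m.groups()))


# First release carrying the fix for all three CVEs, per the advisory.
FIXED_VERSION = parse_version("7.5.0 UP12 IF02")


def _in_fixed_line(v: QRadarVersion) -> bool:
    # The advisory only speaks about the 7.5 line; other lines are "not covered".
    return (v.major, v.minor) == (FIXED_VERSION.major, FIXED_VERSION.minor)


def is_vulnerable(text: str) -> bool:
    """True for 7.5 builds below 7.5.0 UP12 IF02, i.e. 7.5 through 7.5.0 UP12 IF01.

    Tuples compare field by field, so "7.5.0 UP11 IF09" < "7.5.0 UP12 IF02"
    even though its IF number is larger. Assumption: UP13 and later keep the fix.
    """
    v = parse_version(text)
    return _in_fixed_line(v) and v < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patch required' / 'fixed' / 'not covered' for a version inventory."""
    result = {}
    for host, version in inventory.items():
        v = parse_version(version)
        if not _in_fixed_line(v):
            result[host] = "not covered"
        elif v < FIXED_VERSION:
            result[host] = "patch required"
        else:
            result[host] = "fixed"
    return result


# Constructed sample inventory; host names and versions are illustrative only.
CONSTRUCTED_INVENTORY = {
    "qradar-console-01": "7.5.0 UP12 IF01",
    "qradar-ep-02": "7.5.0 UP11 IF09",
    "qradar-console-03": "7.5.0 UP12 IF02",
    "qradar-lab-04": "7.5",
    "qradar-legacy-05": "7.4.3 FP10",
}

if __name__ == "__main__":
    for host, status in triage(CONSTRUCTED_INVENTORY).items():
        print(f"{host:20} {CONSTRUCTED_INVENTORY[host]:18} {status}")
```

Hosts reported as "not covered" still need a decision from the operator: the page's affected range starts at 7.5, so older lines are simply outside what this advisory states, not confirmed safe. The "7.4.3 FP10" entry is there to show that the parser tolerates an unfamiliar suffix only if it matches the assumed pattern; if it does not, `parse_version` raises rather than silently classifying the host.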

The company emphasizes that no workarounds or mitigations are available, making the security update the only viable protection against these threats.

The vulnerabilities were discovered by IBM’s own Security Ethical Hacking Team, including researchers John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak.

This internal discovery demonstrates IBM’s commitment to proactive security testing but also highlights the sophisticated nature of these flaws that required specialized expertise to identify.

Security professionals should implement the patches during scheduled maintenance windows while ensuring proper backup procedures are in place.

Given QRadar’s central role in enterprise security monitoring, organizations should coordinate updates carefully to maintain continuous security visibility throughout the patching process.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
