Tuesday , June 23 2026
QRadar

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

infosecbulletin Wednesday , June 4 2025 Alert

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These flaws, which vary in severity from medium to critical, can lead to remote code execution, information disclosure, and denial of service (DoS) attacks.

The bulletin lists five security vulnerabilities affecting versions 1.10.0.0 through 1.11.2.0 of IBM Cloud Pak for Security and QRadar Suite Software:

Anthropic’s Mythos reportedly broke NSA classified systems in hours

By infosecbulletin / Monday , June 22 2026
The recent finding shows how powerful Mythos is: the AI can access the US government's secret networks in just a...
Read More
Anthropic’s Mythos reportedly broke NSA classified systems in hours

OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment

By infosecbulletin / Monday , June 22 2026
Test before going live is important for AI developers. But there's a problem: testing usually uses fake scenarios that often...
Read More
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment

AryStinger botnet infected thousands of D-Link routers globally

By infosecbulletin / Sunday , June 21 2026
AryStinger has taken control of over 4,000 old D-Link routers to use them as proxies for harmful traffic. The team...
Read More
AryStinger botnet infected thousands of D-Link routers globally

Hacker suspected of sending alerts across Brazil

By infosecbulletin / Sunday , June 21 2026
Brazil's government suspects a hacking attack triggered an unauthorized ‌alert sent to cell phones across parts of the country early...
Read More
Hacker suspected of sending alerts across Brazil

CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT

By infosecbulletin / Sunday , June 21 2026
A new open-source cybersecurity tool named CyberSentinel AI v3.0 has come out. It is an important step in self-operated security...
Read More
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT

Barracuda hosts Dhaka roundtable on cyber resilience

By infosecbulletin / Saturday , June 20 2026
Barracuda gathered industry people in Dhaka on 18 June 2026 for a roundtable talk about cyber resilience. The company shared...
Read More
Barracuda hosts Dhaka roundtable on cyber resilience

CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) asked Fortinet users with FortiGate devices on Thursday to act to protect...
Read More
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices

CISA: Splunk flaw under active exploit, patch by Sunday

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a...
Read More
CISA: Splunk flaw under active exploit, patch by Sunday

Texas data breach exposes 3 million driver’s licenses

By infosecbulletin / Saturday , June 20 2026
The Texas Parks and Wildlife Department (TPWD) revealed a data leak at its license system provider. This leak exposed private...
Read More
Texas data breach exposes 3 million driver’s licenses

Critical Cisco ISE Vulnerability Enables Remote Code Execution

By infosecbulletin / Friday , June 19 2026
Cisco has revealed critical security flaws in its Identity Services Engine (ISE). These flaws could let attackers run harmful code...
Read More
Critical Cisco ISE Vulnerability Enables Remote Code Execution

CVE-2025-25022 (CVSS 9.6 – Critical): 

This serious vulnerability lets unauthenticated attackers access sensitive information in configuration files, potentially leading to system compromise or privilege escalation.

CVE-2025-25021 (CVSS 7.2 – High): 

This flaw allows privileged users to run arbitrary code due to poor case management in script creation. It arises from faulty code generation, creating a risk of exploitation in administrative tasks.

CVE-2025-25020 (CVSS 6.5 – Medium): 

A DoS vulnerability lets authenticated users crash services by sending malformed data through the API, as the input validation doesn’t fully sanitize some payloads.

CVE-2025-25019 (CVSS 4.8 – Medium):

The session management flaw in QRadar SIEM fails to properly invalidate sessions upon logout, potentially allowing session hijacking where an attacker can impersonate another user.

CVE-2025-1334 (CVSS 4.0 – Medium):

The software allows storing web content that can be accessed by other users on the system, which is a concern in multi-user environments where data privacy is important.

The issues impact the following product versions:

IBM Cloud Pak for Security: 1.10.0.0 to 1.10.11.0
QRadar Suite Software: 1.10.12.0 to 1.11.2.0

IBM advises upgrading to version 1.11.3.0 or later to address all five vulnerabilities. They have provided detailed guidance for the upgrade and installation of the patched versions.

Installation Instructions
Upgrade Instructions

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Check Also

F5

F5 Patches NGINX Flaw for Code Execution and DoS Attacks

F5 has shared a security warning about serious flaws in NGINX. These issues could let …

Mail: [email protected]
© Copyright 2026, All Rights Reserved InfoSecBulletin