CVE-2025-0975

EPSS 0.24%
Published 28.02.2025 03:15:10
Last modified 03.07.2025 20:41:35
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Mq Appliance SwEditioncontinuous_delivery Version >= 9.3.0 <= 9.4.2

Ibm ≫ Mq Appliance SwEditionlts Version >= 9.3.0.0 <= 9.3.0.27

Ibm ≫ Mq Appliance SwEditionlts Version >= 9.4.0.0 <= 9.4.0.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.47

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
psirt@us.ibm.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

https://www.ibm.com/support/pages/node/7183467

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-0975

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-0975

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-0975

EUVD