What is CVE-2025-25021?

CVE-2025-25021 is a high-severity vulnerability in Ibm Cloud Pak For Security, classified under Code Injection. CVSS score: 7.2/10. Published 2025-06-03.

How severe is CVE-2025-25021?

High severity. CVSS v3 base score is 7.2 out of 10.

RCE in Ibm Cloud Pak For Security

CVE-2025-25021

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (64.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ibm Cloud Pak For Security — versions 1.10.0.0
Ibm Qradar Suite Software — versions 1.10.12.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

www.ibm.com/support/pages/node/7235432 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-25021?: CVE-2025-25021 is a high-severity vulnerability in Ibm Cloud Pak For Security, classified under Code Injection. CVSS score: 7.2/10. Published 2025-06-03.
How severe is CVE-2025-25021?: High severity. CVSS v3 base score is 7.2 out of 10.