Use After Free in Ibm Mq Operator
CVE-2025-27365
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AM…
Vulnerability class: Use-After-Free
EPSS: 0.002 (43.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Ibm Mq Operator — versions 2.0.0 LTS, 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1 CD, 3.2.0 SC2
Weakness classification (CWE)
References
- www.ibm.com/support/pages/node/7232272 (vendor-advisory, patch)
Frequently asked questions
- What is CVE-2025-27365?
- CVE-2025-27365 is a medium-severity vulnerability in Ibm Mq Operator, classified under Use After Free. CVSS score: 6.5/10. Published 2025-05-01.
- How severe is CVE-2025-27365?
- Medium severity. CVSS v3 base score is 6.5 out of 10.