What is CVE-2025-36128?

CVE-2025-36128 is a high-severity vulnerability in Ibm Mq, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 7.5/10. Published 2025-10-16.

How severe is CVE-2025-36128?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Ibm Mq

CVE-2025-36128

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vul…

EPSS: 0.001 (29.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Ibm Mq — versions 9.1, 9.2, 9.3

Weakness classification (CWE)

CWE-772 — Missing Release of Resource after Effective Lifetime

References

www.ibm.com/support/pages/node/7244480 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-36128?: CVE-2025-36128 is a high-severity vulnerability in Ibm Mq, classified under Missing Release of Resource after Effective Lifetime. CVSS score: 7.5/10. Published 2025-10-16.
How severe is CVE-2025-36128?: High severity. CVSS v3 base score is 7.5 out of 10.