CVE-2025-0975: IBM MQ code execution

8.8 CVSS

Description

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

Classification

CVE ID: CVE-2025-0975

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

Affected Products

Vendor: IBM

Product: MQ

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 19.54% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-28 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0975
https://www.ibm.com/support/pages/node/7183467

Timeline