CVE-2024-25016

7.5 HIGH

📋 TL;DR

This vulnerability in IBM MQ and IBM MQ Appliance allows a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. It affects IBM MQ 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD. The CVSS 3.1 score is 7.5 (network vector, low complexity, no privileges or user interaction, availability impact only), so any source that can reach a queue manager listener is in scope.

💻 Affected Systems

Products:
  • IBM MQ
  • IBM MQ Appliance
Versions: 9.0, 9.1, 9.2, 9.3 LTS, 9.3 CD
Operating Systems: All platforms running affected IBM MQ versions
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations of affected versions are vulnerable; the flaw is in the product's buffering logic, not in an optional feature or non-default setting. IBM's description ("incorrect buffering logic") gives no further technical detail.

📦 What is this software?

IBM MQ is IBM's message-oriented middleware: queue managers accept connections from applications and other queue managers over channels (default TCP listener port 1414) and store and forward messages between them. IBM MQ Appliance is the same product delivered as a hardware appliance. Because many enterprise systems depend on MQ for asynchronous integration, a queue manager outage typically stalls every business process that reads from or writes to its queues.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of IBM MQ, making message queues unavailable and disrupting business processes that depend on message queuing.

🟠

Likely Case

Service degradation or temporary unavailability of IBM MQ services, requiring restart of affected components.

🟢

If Mitigated

Minimal impact if network segmentation and access controls stop untrusted sources from reaching the queue manager listener ports at all, since the attack needs network access but no credentials.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and the CVSS vector rates attack complexity as low, so no credentials, user interaction or special positioning are needed. No public proof of concept is known at the time of writing, and IBM has not published technical details of the buffering flaw.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply the fix pack (LTS) or CD release named in IBM advisory APAR IT43900 for your stream; the fixed level differs for each affected version.

Vendor Advisory: https://www.ibm.com/support/pages/node/7123139

Restart Required: Yes

Instructions:

1. Review IBM advisory APAR IT43900 and identify the fixed level for your stream (LTS fix pack or CD release).
2. Apply the appropriate fix pack or CD release for your version on every installation.
3. Restart the queue managers (and the IBM MQ Appliance, where applicable) so the fixed code is loaded.
4. Verify the fix is applied by checking the installed version against the fixed level.

🔧 Temporary Workarounds

Network Access Restriction

Platforms: all

Restrict network access to queue manager listener ports to trusted sources only. This is the only workaround that actually removes exposure, because the flaw is reachable before authentication.

Use firewall rules to limit access to the listener ports in use. The default is 1414, and hosts running several queue managers commonly use 1415 and upwards; confirm the real ports with DISPLAY LISTENER(*) PORT and DISPLAY LSSTATUS(*) PORT in runmqsc rather than assuming the defaults.

Authentication Enforcement

Platforms: all

Require authentication on all connections (connection authentication with CHCKCLNT(REQUIRED), and CHLAUTH rules that block or map unwanted addresses and user IDs). Treat this as defense in depth only: the vulnerability is exploitable by an unauthenticated attacker, so a connection that fails authentication may already have triggered the faulty buffering before it is rejected.

Configure IBM MQ to require authentication for all connections and, where possible, use CHLAUTH address rules to reject connections from sources that have no business reaching the queue manager.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate IBM MQ listeners from untrusted networks; on the Internet-facing side this is the only control that removes the exposure
  • Deploy network-based intrusion prevention or rate limiting in front of the listener ports; with no public PoC there is no signature for the trigger, so the realistic control is limiting connection rates per source

🔍 How to Verify

Check if Vulnerable:

Run dspmqver on each MQ installation (dspmqver -i reports all installations on a host) and compare the Version line against the affected versions 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD.

Check Version:

dspmqver

Verify Fix Applied:

Compare the Version reported by dspmqver with the fixed level named in the IBM bulletin for the same stream. LTS and CD are separate streams: a 9.3 LTS fix pack (9.3.0.x) does not fix a 9.3 CD release (9.3.1 and later), and vice versa, so check the installed stream before comparing numbers.
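The stream-aware version check described above, as an added example (not IBM's code). It parses the Version line of dspmqver output, works out whether the installation is LTS (V.R.0.F) or CD (V.R.M with M greater than 0), and only then compares against the fixed level. The dspmqver output embedded below is constructed, and the default fixed level 9.3.0.5 is a placeholder; the real fixed level for each stream comes from the IBM bulletin and must be passed as the first argument.

```shell
#!/bin/sh
# Added example: check an IBM MQ installation against the fixed level from the IBM bulletin.
# Not IBM's code. The default FIXED_LEVEL is a placeholder; take the real value from the bulletin.

# Constructed sample in the layout dspmqver prints (values are made up).
SAMPLE_DSPMQVER='Name:        IBM MQ
Version:     9.3.0.10
Level:       p930-010-240214
BuildType:   IKAP - (Production)
Platform:    IBM MQ for Linux (x86-64 platform)
Mode:        64-bit
InstName:    Installation1
InstPath:    /opt/mqm
DataPath:    /var/mqm
MaxCmdLevel: 930'

# Extract the value of the "Version:" line from dspmqver output.
mq_version_from_dspmqver() {
    printf '%s\n' "$1" | awk '/^Version:/ { print $2; exit }'
}

# Numeric, field-by-field comparison of dotted versions: returns 0 when $1 >= $2.
# Plain string comparison would rank 9.3.0.9 above 9.3.0.10, so each field is compared as a number.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa > yb) exit 0
            if (xa < yb) exit 1
        }
        exit 0
    }'
}

# IBM MQ ships two streams per release: Long Term Support (V.R.0.F, fixed by fix packs)
# and Continuous Delivery (V.R.M with M > 0, fixed by a later CD release). A fixed level
# only applies within its own stream, so the stream is identified before any comparison.
mq_stream() {
    vr=$(printf '%s' "$1" | cut -d. -f1,2)
    mod=$(printf '%s' "$1" | cut -d. -f3)
    if [ "${mod:-0}" -eq 0 ]; then echo "$vr-LTS"; else echo "$vr-CD"; fi
}

# Verdict for one installation. Exit codes: 0 fixed, 1 vulnerable, 2 fixed level is for another stream.
mq_is_fixed() {
    installed=$(mq_version_from_dspmqver "$1")
    fixed="$2"
    if [ "$(mq_stream "$installed")" != "$(mq_stream "$fixed")" ]; then
        echo "installed $installed is $(mq_stream "$installed"); compare it with the $(mq_stream "$installed") fixed level, not $fixed" >&2
        return 2
    fi
    if version_ge "$installed" "$fixed"; then
        echo "FIXED: $installed >= $fixed"
        return 0
    fi
    echo "VULNERABLE: $installed < $fixed"
    return 1
}

# Stand-alone use: query the live installation when dspmqver is on PATH, else use the sample.
FIXED_LEVEL="${1:-9.3.0.5}"   # placeholder; pass the level from the IBM bulletin
if command -v dspmqver >/dev/null 2>&1; then
    mq_is_fixed "$(dspmqver)" "$FIXED_LEVEL"
else
    mq_is_fixed "$SAMPLE_DSPMQVER" "$FIXED_LEVEL"
fi
```

Run it once per installation with the bulletin's fixed level for that installation's stream; exit code 2 means the level you passed belongs to the other stream and the comparison was refused rather than silently wrong.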

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service restarts
  • Connection spikes from single sources
  • Error messages related to buffer handling

Network Indicators:

  • Unusual traffic patterns to IBM MQ ports
  • Multiple connection attempts from unauthenticated sources

SIEM Query (example in Splunk-style syntax; the source and field names are placeholders and must be mapped to how your collector ingests the queue manager error logs):

source="ibm_mq" AND (event_type="service_restart" OR error_message="buffer")
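The "connection spikes from single sources" indicator above, run over sample log lines as an added example (not IBM's code and not a published signature for this CVE). It buckets connection-error events per remote IP per minute and reports the buckets over a threshold. AMQ9208E and AMQ9209E are ordinary connection-error messages in queue manager error logs, so a burst of them from one source is a lead to investigate, not proof of exploitation. The sample log is constructed and simplified to one event per line with an ISO timestamp; real AMQERR01.LOG records span several lines and need joining into one record before this logic applies.

```shell
#!/bin/sh
# Added example: flag remote hosts producing bursts of connection errors in an IBM MQ error log.
# Not IBM's code and not a CVE-specific signature; AMQ9208E/AMQ9209E occur in normal operation too.

# Constructed sample (simplified to one event per line). 10.0.0.5 hammers the listener,
# 10.0.0.7 is an ordinary client whose connections close once per minute.
SAMPLE_AMQERR=$(cat <<'EOF'
2024-02-29T10:15:01Z AMQ9209E: Connection to host 'app01 (10.0.0.7)' closed.
2024-02-29T10:15:02Z AMQ9209E: Connection to host 'unknown (10.0.0.5)' closed.
2024-02-29T10:15:02Z AMQ9208E: Error on receive from host 'unknown (10.0.0.5)'.
2024-02-29T10:15:03Z AMQ9209E: Connection to host 'unknown (10.0.0.5)' closed.
2024-02-29T10:15:03Z AMQ9999E: Channel 'SYSTEM.DEF.SVRCONN' to host 'unknown (10.0.0.5)' ended abnormally.
2024-02-29T10:15:04Z AMQ9208E: Error on receive from host 'unknown (10.0.0.5)'.
2024-02-29T10:15:05Z AMQ9209E: Connection to host 'unknown (10.0.0.5)' closed.
2024-02-29T10:16:10Z AMQ9209E: Connection to host 'app01 (10.0.0.7)' closed.
EOF
)

# Print "ip minute count" for every (remote IP, minute) bucket with at least $2 connection-error
# events, busiest bucket first. $1 is the log text, $2 the threshold.
mq_conn_spikes() {
    printf '%s\n' "$1" | awk -v thr="$2" '
        /AMQ920[89]E/ {
            minute = substr($1, 1, 16)                 # 2024-02-29T10:15 from the ISO timestamp
            if (match($0, /\([0-9][0-9.]*\)/)) {       # the "(ip)" part of "host '"'"'name (ip)'"'"'"
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                count[ip SUBSEP minute]++
            }
        }
        END {
            for (k in count) if (count[k] >= thr) {
                split(k, p, SUBSEP)
                print p[1], p[2], count[k]
            }
        }' | sort -k3,3nr -k1,1
}

# Stand-alone use: threshold from the first argument, default 3 events per minute.
mq_conn_spikes "$SAMPLE_AMQERR" "${1:-3}"
```

Tune the threshold to the queue manager's normal churn (client reconnect storms after a network blip also trip it), and correlate a flagged source with the "unexpected service restarts" indicator before treating it as an attack.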

🔗 References

  • IBM Security Bulletin (APAR IT43900): https://www.ibm.com/support/pages/node/7123139
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-25016
