CVE-2025-1823

3.5 LOW

📋 TL;DR

This vulnerability in IBM Jazz Reporting Service allows an authenticated user with network access to the service to submit specially crafted SQL queries that consume excessive memory, potentially causing a denial of service. Exploitation requires an authenticated account and network reachability of the service; it is not exposed to unauthenticated users.

💻 Affected Systems

Products:
  • IBM Jazz Reporting Service
Versions: Specific versions not detailed in advisory; check IBM advisory for affected versions
Operating Systems: All supported platforms for IBM Jazz Reporting Service
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access and network connectivity to the service

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service unavailability due to memory exhaustion, affecting all users of the reporting service

🟠 Likely Case: Temporary service degradation or intermittent outages during exploitation attempts

🟢 If Mitigated: Minimal impact with proper network segmentation and authentication controls

🌐 Internet-Facing: LOW (requires authenticated access and host network presence)
🏢 Internal Only: MEDIUM (authenticated internal users could disrupt reporting services)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW (requires SQL knowledge but simple to execute)

Exploitation requires authenticated access and ability to submit SQL queries to the reporting service

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check IBM advisory for specific fixed versions

Vendor Advisory: https://www.ibm.com/support/pages/node/7258083

Restart Required: Yes

Instructions:

1. Review the IBM advisory for affected versions.
2. Apply the recommended fix or upgrade to the patched version.
3. Restart the Jazz Reporting Service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Restrict User Permissions (all platforms): Limit SQL query execution permissions to trusted users only

Implement Query Limits (all platforms): Configure memory and query execution limits in Jazz Reporting Service

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to only necessary users
  • Monitor for unusual memory consumption patterns and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check IBM Jazz Reporting Service version against affected versions listed in IBM advisory

Check Version:

Check Jazz Reporting Service administration console or configuration files for version information

Verify Fix Applied:

Verify version is updated to patched version and test SQL query functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusually large memory consumption by Jazz Reporting Service process
  • Multiple complex SQL queries from single user in short timeframe

Network Indicators:

  • Increased network traffic to Jazz Reporting Service port followed by service degradation

SIEM Query:

source="jazz_reporting.log" AND (message="*memory*" OR message="*query*") AND severity=ERROR

(Illustrative Splunk-style search; the wildcards give substring matching, and the source name and field names must be adapted to how the service's logs are actually ingested in your environment.)
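The "multiple complex SQL queries from a single user in a short timeframe" indicator above, and the SIEM query, both need a concrete rule. The following is an added detection example (not part of the advisory, and not IBM's tooling) that applies a sliding-window threshold per user over constructed log lines; the log format, the field names and the use of query length as a crude proxy for query complexity are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an ASSUMED format:
#   <ISO timestamp> user=<account> action=query len=<query length in chars>
# Real Jazz Reporting Service logs will differ; adapt LINE_RE accordingly.
SAMPLE_LOG = """\
2025-03-01T10:00:00 user=alice action=query len=850
2025-03-01T10:00:05 user=bob action=query len=40
2025-03-01T10:00:10 user=alice action=query len=920
2025-03-01T10:00:20 user=alice action=query len=780
2025-03-01T10:00:30 user=alice action=query len=1100
2025-03-01T10:00:40 user=alice action=query len=640
2025-03-01T10:05:00 user=alice action=query len=990
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=query len=(?P<len>\d+)$")


def parse_log(text):
    """Return a list of (timestamp, user, query_length) for lines matching LINE_RE."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], int(m["len"])))
    return events


def find_query_bursts(events, threshold=5, window_seconds=60, min_len=200):
    """Flag users who submit >= threshold queries of length >= min_len within window_seconds.

    Returns a list of (user, iso_timestamp) pairs, one per detected burst; the per-user
    window is cleared after an alert so a single burst produces a single alert.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent "complex" queries
    alerts = []
    for ts, user, qlen in sorted(events):
        if qlen < min_len:  # short queries are ignored as unlikely to be memory-heavy
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > timedelta(seconds=window_seconds):
            q.popleft()  # drop timestamps that fell out of the sliding window
        if len(q) >= threshold:
            alerts.append((user, ts.isoformat()))
            q.clear()
    return alerts


if __name__ == "__main__":
    for user, when in find_query_bursts(parse_log(SAMPLE_LOG)):
        print(f"ALERT: query burst from {user} at {when}")
```

Tune `threshold`, `window_seconds` and `min_len` against a baseline of normal reporting activity before alerting on them.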
