CVE-2025-33119

6.5 MEDIUM

📋 TL;DR

IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 store user credentials in configuration files that are committed to source control. This allows authenticated users to read sensitive credentials, potentially leading to privilege escalation or lateral movement within the environment.

💻 Affected Systems

Products:
  • IBM QRadar SIEM
Versions: 7.5 through 7.5.0 UP14
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: This affects all deployments where configuration files with credentials are stored in source control repositories accessible to authenticated users.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker could obtain administrative credentials, take full control of the QRadar system, access sensitive security data, and pivot to other systems in the network.

🟠

Likely Case

An authenticated user with limited privileges could escalate their access by obtaining credentials stored in configuration files, potentially gaining administrative control over QRadar.

🟢

If Mitigated

With proper access controls and monitoring, credential exposure would be limited to authorized users only, reducing the risk of malicious exploitation.

🌐 Internet-Facing: LOW (exploitation requires authenticated access to the system holding the configuration files)
🏢 Internal Only: HIGH (any authenticated user who can reach the repository can read the stored credentials)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the system where configuration files are stored. The vulnerability involves simply reading accessible files containing credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.5.0 UP15 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7250932

Restart Required: Yes

Instructions:

1. Download and install IBM QRadar SIEM 7.5.0 UP15 or later from IBM Fix Central.
2. Follow the standard QRadar upgrade procedure.
3. Restart all QRadar services after installation.

🔧 Temporary Workarounds

Remove credentials from source control (applies to: all)

Manually review and remove any credentials stored in configuration files that are committed to source control repositories.

  • Review git history and configuration files for credential storage
  • Use git filter-branch or BFG Repo-Cleaner to remove credentials from history

Restrict access to source control (applies to: all)

Limit access to source control repositories containing QRadar configuration files to only authorized administrators.

  • Configure repository access controls in your source control system
  • Implement multi-factor authentication for repository access
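One way to carry out the "review git history and configuration files for credential storage" step above, as an added example that is not IBM's or this page's own code: a small Python scanner that flags literal credential assignments in configuration text and walks a repository's full history for them. The credential key names, the placeholder filter, the file globs and the sample configuration are assumptions constructed for this example; tune them to your own configuration conventions.

```python
import re
import subprocess

# Key names that commonly carry credentials in configuration files. This list, the
# placeholder filter and the file globs below are assumptions for this example.
CREDENTIAL_KEYS = r"(?:password|passwd|pwd|secret|api[_-]?key|token|private[_-]?key)"
ASSIGNMENT = re.compile(
    rf"^\s*(?P<key>[\w.\-]*{CREDENTIAL_KEYS}[\w.\-]*)\s*[=:]\s*(?P<value>\S+)", re.IGNORECASE
)
# Values that are references, placeholders or flags rather than literal secrets
PLACEHOLDER = re.compile(r"^(?:\$\{?\w+\}?|<[^>]+>|\*+|changeme|none|true|false)$", re.IGNORECASE)


def find_credentials(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, key, redacted_value) for each literal credential assignment."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue
        value = m.group("value").strip("\"'")
        if not value or PLACEHOLDER.match(value):
            continue
        # Keep only a two-character prefix so findings can be triaged without re-exposing the secret
        hits.append((lineno, m.group("key"), value[:2] + "*" * (len(value) - 2)))
    return hits


def scan_git_history(repo: str, globs: tuple[str, ...] = ("*.conf", "*.properties", "*.xml", "*.yml")):
    """Scan every added line in the repo's history; returns (short_commit, path, key, redacted). Needs git."""
    log = subprocess.run(
        ["git", "-C", repo, "log", "-p", "--all", "--no-color", "--", *globs],
        capture_output=True, text=True, check=True,
    ).stdout
    findings, commit, path = [], "", ""
    for line in log.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:12]
        elif line.startswith("+++ b/"):
            path = line[6:]
        elif line.startswith("+") and not line.startswith("+++"):
            findings += [(commit, path, k, v) for _, k, v in find_credentials(line[1:])]
    return findings


# Constructed sample configuration text (not a real QRadar file)
SAMPLE_CONFIG = """\
db.host = qradar-db.example.internal
db.password = s3cr3tValue
api_token: ${API_TOKEN}
ldap_password = "Hunter2!"
"""
```

Run `scan_git_history("/path/to/config-repo")` against a clone of the repository that holds the configuration files; every finding identifies a commit still carrying a literal secret that history rewriting and credential rotation must cover.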

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access source control repositories containing QRadar configuration files.
  • Regularly audit and rotate any credentials that may have been exposed in configuration files.

🔍 How to Verify

Check if Vulnerable:

Check if your QRadar version is between 7.5 and 7.5.0 UP14 by running: /opt/qradar/bin/qradar_versions

Check Version:

/opt/qradar/bin/qradar_versions

Verify Fix Applied:

After upgrading, verify the version is 7.5.0 UP15 or later using: /opt/qradar/bin/qradar_versions

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to source control repositories
  • Failed authentication attempts followed by successful access to sensitive files

Network Indicators:

  • Unusual network traffic to source control servers from non-admin users

SIEM Query:

sourceIP=* AND destinationIP=<source_control_server> AND (eventName="RepositoryAccess" OR eventName="FileAccess") AND userRole!="Administrator"
