CVE-2025-36007

7.8 HIGH

📋 TL;DR

IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 contain a privilege escalation vulnerability due to improper privilege assignment in an update script. This allows authenticated users with lower privileges to execute arbitrary code with elevated system permissions. Organizations running affected QRadar SIEM versions are at risk.

💻 Affected Systems

Products:
  • IBM QRadar SIEM
Versions: 7.5 through 7.5.0 Update Pack 13 Independent Fix 02
Operating Systems: Linux-based QRadar appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments within the affected version range are vulnerable regardless of configuration.

📦 What is this software?

IBM QRadar SIEM is IBM's security information and event management platform. It collects log events and network flows from across an environment, normalises and correlates them, and raises offenses for analysts to investigate. It is deployed as Linux-based appliances (a Console plus optional Event and Flow Processors) inside the security team's own network, which is why a compromise of the platform itself is so damaging: the attacker gains the system that is supposed to detect them, together with the log data it holds.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with authenticated access could gain full administrative control over the QRadar SIEM system, potentially compromising the entire security monitoring infrastructure and accessing sensitive log data.

🟠

Likely Case

Malicious insiders or compromised low-privilege accounts could elevate privileges to install backdoors, manipulate security alerts, or exfiltrate sensitive security data.

🟢

If Mitigated

With strict access controls, network segmentation, and proper monitoring, impact would be limited to isolated security monitoring components with minimal data exposure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires an authenticated, low-privilege account on the QRadar system; no public proof of concept is known at the time of writing. The flaw sits in a standard update script shipped with the product, so once an attacker has that initial access no special tooling is needed to exploit it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM QRadar SIEM 7.5.0 Update Pack 14 or later

Vendor Advisory: https://www.ibm.com/support/pages/node/7249277

Restart Required: Yes

Instructions:

1. Download Update Pack 14 or later from IBM Fix Central.
2. Follow IBM's QRadar update documentation.
3. Apply the update through the QRadar Admin interface.
4. Restart QRadar services as required.

🔧 Temporary Workarounds

Restrict update script permissions (linux)

Manually tighten the permissions on the vulnerable update script so that only root can read and execute it. Two caveats: the path below is a placeholder, since this summary does not identify the actual script, so confirm the file named in the IBM advisory before changing anything; and altering ownership or mode on QRadar-managed files can break later update packs, so treat this as a stop-gap until the fix is applied.

chmod 700 /opt/qradar/bin/update_script.sh
chown root:root /opt/qradar/bin/update_script.sh
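To check whether the workaround has actually taken effect, and to see what a risky mode looks like before it is applied, here is an added Python example that is not part of the original page or of IBM's product. It reports the dangerous permission bits on a file (setuid/setgid, group or world write, group or world execute, wrong owner), applies the equivalent of the chmod and chown above, and re-checks. The path /opt/qradar/bin/update_script.sh is carried over from the workaround as a placeholder; the demo runs on a temporary file so it can be executed on any Linux host, and the chown step is only attempted when running as root.

```python
import os
import stat
import tempfile

# Placeholder path from the workaround above; this summary does not name the
# real script, so substitute the file identified by the IBM advisory.
TARGET = "/opt/qradar/bin/update_script.sh"


def mode_findings(mode):
    """Describe the risky permission bits in an st_mode (or a bare octal mode).

    Order is fixed so results are comparable in tests and reports.
    """
    checks = (
        (stat.S_ISUID, "setuid"),
        (stat.S_ISGID, "setgid"),
        (stat.S_IWGRP, "group-writable"),
        (stat.S_IWOTH, "world-writable"),
        (stat.S_IXGRP, "group-executable"),
        (stat.S_IXOTH, "world-executable"),
    )
    return [name for bit, name in checks if mode & bit]


def audit_file(path, expected_uid=0):
    """Return the findings for a real file, including an owner check."""
    st = os.stat(path)
    findings = mode_findings(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append("owner-uid-mismatch")
    return findings


def harden(path):
    """Equivalent of 'chmod 700' plus 'chown root:root'.

    The chown is only attempted as root; as any other user it would fail with
    EPERM, which is exactly the situation the workaround is meant to rule out.
    Returns the resulting permission bits.
    """
    os.chmod(path, 0o700)
    if os.geteuid() == 0:
        os.chown(path, 0, 0)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Create a throwaway script with a deliberately bad mode, harden it and
    return (findings before, mode after, findings after)."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"#!/bin/sh\necho 'constructed stand-in for the update script'\n")
    path = f.name
    try:
        os.chmod(path, 0o4775)  # setuid, group-writable, executable by everyone
        before = mode_findings(os.stat(path).st_mode)
        after_mode = harden(path)
        after = mode_findings(after_mode)
    finally:
        os.unlink(path)
    return before, after_mode, after


if __name__ == "__main__":
    before, after_mode, after = demo()
    print("before:", before)
    print("after: mode=%o findings=%s" % (after_mode, after))
    # On a real appliance run the audit against the actual script instead:
    #   print(audit_file(TARGET))
```

Run it on the appliance with `audit_file(TARGET)` after the chmod/chown: anything other than an empty list (or a single owner-uid-mismatch if you deliberately kept a non-root owner) means the workaround did not stick.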

🧯 If You Can't Patch

  • Implement strict access controls to limit who can authenticate to QRadar systems.
  • Monitor for unusual privilege escalation attempts and script execution in QRadar audit logs.

🔍 How to Verify

Check if Vulnerable:

Check the QRadar version via the Admin interface: System & License Management > Deployment Status. The deployment is affected if the version is 7.5.0 or later and no newer than 7.5.0 UP13 IF02 (so 7.5.0 with no update pack is in range, while 7.5.0 UP13 IF03 and UP14 are not).

Check Version:

ssh to the QRadar console and run /opt/qradar/bin/myver, which prints the installed QRadar version (the page's original suggestion was /opt/qradar/bin/qradar_versions.sh). Check every managed host in the deployment, not just the console.

Verify Fix Applied:

After applying Update Pack 14 or later, confirm version shows 7.5.0 UP14 or higher in Deployment Status.
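The version comparison above is easy to get wrong by hand: UP13 IF03 is newer than UP13 IF02, and plain 7.5 with no update pack is the low end of the range. The following Python is an added example, not IBM tooling. It parses version strings in the form printed in Deployment Status, such as "7.5.0 UP13 IF02", and tests them against the range stated on this page. The accepted input format (base version, optional UP/Update Pack number, optional IF/Interim Fix/Independent Fix number) is an assumption about how the string is written; a build outside the range is only outside the range as stated here, not thereby proven fixed.

```python
import re
from typing import Tuple

# Assumed input format: "7.5.0 UP13 IF02" as shown in Deployment Status; the
# long forms "Update Pack", "Interim Fix" and "Independent Fix" are also accepted.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?"
    r"(?:\s*(?:UP|Update\s+Pack)\s*(\d+))?"
    r"(?:\s*(?:IF|Interim\s+Fix|Independent\s+Fix)\s*(\d+))?\s*$",
    re.IGNORECASE,
)

# (major, minor, patch, update pack, interim fix); tuples compare lexicographically,
# which is exactly the ordering IBM's naming implies.
Version = Tuple[int, int, int, int, int]

# Range stated on this page: 7.5 (no update pack) through 7.5.0 UP13 IF02.
AFFECTED_LOW: Version = (7, 5, 0, 0, 0)
AFFECTED_HIGH: Version = (7, 5, 0, 13, 2)


def parse_version(text: str) -> Version:
    """Turn '7.5.0 UP13 IF02' into (7, 5, 0, 13, 2); absent parts become 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised QRadar version string: %r" % text)
    major, minor, patch, up, iff = (int(g) if g else 0 for g in m.groups())
    return (major, minor, patch, up, iff)


def is_in_affected_range(text: str) -> bool:
    """True if the version lies inside the range this page lists as affected."""
    return AFFECTED_LOW <= parse_version(text) <= AFFECTED_HIGH


if __name__ == "__main__":
    for sample in ("7.5", "7.5.0 UP13 IF02", "7.5.0 UP13 IF03", "7.5.0 UP14", "7.4.3 UP10"):
        print("%-22s affected=%s" % (sample, is_in_affected_range(sample)))
```

Feed it the string from Deployment Status or from myver on each host; anything the regex rejects should be checked by hand rather than assumed safe.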

📡 Detection & Monitoring

Log Indicators:

  • Unusual execution of update scripts by non-admin users
  • Privilege escalation attempts in system logs
  • Unexpected process execution with elevated privileges

Network Indicators:

  • Unusual authentication patterns to QRadar management interfaces
  • Suspicious outbound connections from QRadar systems

SIEM Query:

source="qradar" AND (event="privilege_escalation" OR process="update_script.sh") AND user!="admin"
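As an added example that is not from the original page, here is detection logic for the first log indicator, run over constructed Linux auditd records of the kind a watch rule on the script path would produce (`auditctl -w /opt/qradar/bin/update_script.sh -p x -k qradar_update`). It joins the SYSCALL and EXECVE records of one execve() call by their audit serial and flags executions of the watched script whose login uid (auid) is not an allowed administrative uid. That catches both a low-privilege user invoking the script directly and an execution that already runs as root but originates from a non-root session, which is the shape a privilege escalation through a mis-privileged script takes. The script path is the placeholder used in the workaround, the sample records are constructed, and the allowed uid set is an assumption for the example.

```python
import re
from collections import defaultdict

# Placeholder path carried over from the workaround; substitute the script the advisory names.
WATCHED_SCRIPT = "/opt/qradar/bin/update_script.sh"
# Login uids allowed to run it: an assumption for this example (root only).
ALLOWED_UIDS = {0}
AUID_UNSET = 4294967295  # auditd's value for "no login uid" (daemons, cron)

# Constructed auditd records, not real QRadar logs. The serial after the colon in
# msg=audit(ts:serial) joins the SYSCALL and EXECVE records of one execve() call.
SAMPLE_AUDIT_LINES = [
    # 101: analyst (uid 1001) runs the update script directly
    'type=SYSCALL msg=audit(1700000000.101:101): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2001 auid=1001 uid=1001 gid=1001 euid=1001 comm="bash" exe="/usr/bin/bash" key="qradar_update"',
    'type=EXECVE msg=audit(1700000000.101:101): argc=2 a0="/bin/bash" a1="/opt/qradar/bin/update_script.sh"',
    # 102: root runs it during a legitimate update
    'type=SYSCALL msg=audit(1700000000.102:102): arch=c000003e syscall=59 success=yes exit=0 ppid=3000 pid=3001 auid=0 uid=0 gid=0 euid=0 comm="update_script" exe="/usr/bin/bash" key="qradar_update"',
    'type=EXECVE msg=audit(1700000000.102:102): argc=1 a0="/opt/qradar/bin/update_script.sh"',
    # 103: analyst runs something unrelated
    'type=SYSCALL msg=audit(1700000000.103:103): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2002 auid=1001 uid=1001 gid=1001 euid=1001 comm="ls" exe="/usr/bin/ls"',
    'type=EXECVE msg=audit(1700000000.103:103): argc=2 a0="/bin/ls" a1="-la"',
    # 104: already running as root, but the session was opened by uid 1002
    'type=SYSCALL msg=audit(1700000000.104:104): arch=c000003e syscall=59 success=yes exit=0 ppid=4000 pid=4001 auid=1002 uid=0 gid=0 euid=0 comm="update_script" exe="/usr/bin/bash" key="qradar_update"',
    'type=EXECVE msg=audit(1700000000.104:104): argc=1 a0="/opt/qradar/bin/update_script.sh"',
    # 105: scheduled run with no login uid (cron), judged by its uid, which is root
    'type=SYSCALL msg=audit(1700000000.105:105): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=5001 auid=4294967295 uid=0 gid=0 euid=0 comm="update_script" exe="/usr/bin/bash" key="qradar_update"',
    'type=EXECVE msg=audit(1700000000.105:105): argc=1 a0="/opt/qradar/bin/update_script.sh"',
]

_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
_MSG_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')


def parse_audit_record(line):
    """Split one auditd record into a dict of fields; quotes are stripped from values."""
    fields = {k: v.strip('"') for k, v in _KV_RE.findall(line)}
    m = _MSG_RE.search(line)
    if m:
        fields["ts"], fields["serial"] = m.group(1), m.group(2)
    return fields


def find_suspicious_execs(lines, watched=WATCHED_SCRIPT, allowed_uids=ALLOWED_UIDS):
    """Join SYSCALL and EXECVE records by serial, then flag every execution of
    `watched` whose login uid (or uid, when auid is unset) is not allowed."""
    events = defaultdict(dict)
    for line in lines:
        rec = parse_audit_record(line)
        serial = rec.get("serial")
        if serial is None:
            continue
        if rec.get("type") == "SYSCALL":
            events[serial].update(
                {k: rec[k] for k in ("ts", "uid", "euid", "auid", "pid", "exe") if k in rec}
            )
        elif rec.get("type") == "EXECVE":
            argc = int(rec.get("argc", "0"))
            events[serial]["args"] = [rec.get("a%d" % i, "") for i in range(argc)]

    hits = []
    for serial, ev in events.items():
        if watched not in ev.get("args", []):
            continue
        auid = int(ev.get("auid", AUID_UNSET))
        actor = int(ev.get("uid", -1)) if auid == AUID_UNSET else auid
        if actor not in allowed_uids:
            hits.append({"serial": serial, "ts": ev.get("ts"), "actor_uid": actor,
                         "euid": int(ev.get("euid", -1)), "args": ev["args"]})
    return hits


if __name__ == "__main__":
    for h in find_suspicious_execs(SAMPLE_AUDIT_LINES):
        print("ALERT serial=%(serial)s actor_uid=%(actor_uid)d euid=%(euid)d args=%(args)s" % h)
```

Keying on auid rather than euid is the point: the escalation leaves the process running as root, so a rule that only looks for non-root effective uids would miss record 104. Ship the audit log to QRadar (or any SIEM) and apply the same join there; the pseudo-query above is the one-line version of this logic.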

🔗 References

  • IBM Security Bulletin: https://www.ibm.com/support/pages/node/7249277
  • CVE record: CVE-2025-36007