CVE-2025-36128

7.5 HIGH

📋 TL;DR

IBM MQ is vulnerable to denial of service attacks where attackers can exploit improper timeout enforcement on read operations to exhaust server resources. This affects IBM MQ versions 9.1 through 9.4 LTS and 9.3 through 9.4 CD deployments. Attackers can use slowloris-type attacks to keep connections open and degrade or crash MQ services.

💻 Affected Systems

Products:
  • IBM MQ
Versions: 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service outage of IBM MQ, disrupting message queuing for dependent applications and causing business process failures.

🟠 Likely Case

Degraded performance and intermittent service disruptions as connections are exhausted, impacting message throughput and reliability.

🟢 If Mitigated

Minimal impact with proper network segmentation, rate limiting, and monitoring in place to detect and block attack patterns.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Slowloris attacks are well-known and easy to implement with readily available tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fixes per IBM advisory: 9.1 LTS (9.1.0.15), 9.2 LTS (9.2.0.13), 9.3 LTS (9.3.0.11), 9.4 LTS (9.4.0.4), 9.3 CD (9.3.0.11), 9.4 CD (9.4.0.4)

Vendor Advisory: https://www.ibm.com/support/pages/node/7244480

Restart Required: Yes

Instructions:

1. Review the IBM advisory.
2. Download the appropriate fix pack from IBM Fix Central.
3. Apply the fix following IBM installation procedures.
4. Restart IBM MQ services.

🔧 Temporary Workarounds

Network-level rate limiting (applies to: all)

Implement connection rate limiting and timeout enforcement at network perimeter devices.

Web Application Firewall rules (applies to: all)

Configure WAF to detect and block slowloris attack patterns. Note that a WAF only sees HTTP/HTTPS traffic, so this covers MQ's web-based components rather than native MQ channel connections.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit exposure to trusted sources only.
  • Deploy intrusion prevention systems with slowloris detection capabilities.

🔍 How to Verify

Check if Vulnerable:

Check the IBM MQ version with the dspmqver command and compare it against the affected versions.

Check Version:

dspmqver

Verify Fix Applied:

After patching, run dspmqver again and confirm that the reported version matches one of the fixed versions listed in the advisory.
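As an added check (not from this advisory card or from IBM), the following Python snippet parses the Version: field that dspmqver prints and compares it against the fixed levels listed under Official Fix above; the sample dspmqver output is constructed, and the same fixed level is assumed for the LTS and CD streams of each version because the card lists them identically.

```python
import re

# Fixed levels per 9.x stream, as listed in the advisory card above.
# The card gives the same level for LTS and CD of each stream, so the
# lookup is keyed on (major, minor) only.
FIXED_VERSIONS = {
    (9, 1): (9, 1, 0, 15),
    (9, 2): (9, 2, 0, 13),
    (9, 3): (9, 3, 0, 11),
    (9, 4): (9, 4, 0, 4),
}

# Constructed sample of dspmqver output; only the Version: line is used.
SAMPLE_DSPMQVER = """Name:        IBM MQ
Version:     9.3.0.10
Platform:    IBM MQ for Linux (x86-64 platform)
InstPath:    /opt/mqm
"""


def parse_version(dspmqver_output: str) -> tuple[int, ...]:
    """Extract the 'Version:' field from dspmqver output as an int tuple."""
    m = re.search(r"^Version:\s*([\d.]+)\s*$", dspmqver_output, re.MULTILINE)
    if not m:
        raise ValueError("no Version: line found in dspmqver output")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version: tuple[int, ...]) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown' for CVE-2025-36128."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"  # stream not covered by the advisory card
    # Pad short strings such as "9.3.0" so the comparison is element-wise.
    padded = version + (0,) * (len(fixed) - len(version))
    return "fixed" if padded >= fixed else "vulnerable"


def check_dspmqver(dspmqver_output: str) -> str:
    """Convenience wrapper: raw dspmqver text in, verdict out."""
    return assess(parse_version(dspmqver_output))


if __name__ == "__main__":
    print(check_dspmqver(SAMPLE_DSPMQVER))  # vulnerable
```

On a live host, pass the real output in instead, for example `subprocess.run(["dspmqver"], capture_output=True, text=True).stdout`.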

📡 Detection & Monitoring

Log Indicators:

  • Unusually high number of open connections
  • Connection timeout errors
  • Increased AMQERR*.LOG entries

Network Indicators:

  • Multiple slow HTTP/HTTPS connections from single source
  • Incomplete HTTP requests with long delays

SIEM Query:

source="ibm_mq" AND (error="timeout" OR connections>threshold)
