CVE-2025-36379

5.9 MEDIUM

📋 TL;DR

IBM Security QRadar EDR and ReaQta use weak cryptographic algorithms that could allow attackers to decrypt sensitive information. This affects organizations using IBM Security QRadar EDR versions 3.12 through 3.12.23 and IBM Security ReaQta.

💻 Affected Systems

Products:
  • IBM Security QRadar EDR
  • IBM Security ReaQta
Versions: 3.12 through 3.12.23
Operating Systems: Not OS-specific - affects the application itself
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using affected versions with default cryptographic settings are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers decrypt highly sensitive security data, including threat intelligence, endpoint telemetry, or configuration secrets, potentially compromising the entire security monitoring infrastructure.

🟠 Likely Case

Attackers with network access decrypt intercepted communications or stored data to gain insights into security posture, evade detection, or extract credentials.

🟢 If Mitigated

With proper network segmentation and encryption controls, attackers cannot access encrypted data streams, limiting impact to theoretical risk.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to encrypted data and cryptographic analysis capabilities. No public exploits have been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix per IBM Security Advisory 7260390

Vendor Advisory: https://www.ibm.com/support/pages/node/7260390

Restart Required: Yes

Instructions:

1. Review IBM Security Advisory 7260390.
2. Apply the recommended fix/update from IBM.
3. Restart affected services.
4. Verify cryptographic algorithms have been strengthened.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate QRadar EDR/ReaQta systems from untrusted networks to prevent data interception.

Encryption Layer (applies to: all)

Implement additional encryption (e.g., VPN, TLS) for network communications to protect data in transit.

🧯 If You Can't Patch

  • Isolate affected systems in a dedicated security VLAN with strict access controls.
  • Monitor network traffic to/from affected systems for unusual decryption attempts or data exfiltration.

🔍 How to Verify

Check if Vulnerable:

Check the IBM Security QRadar EDR/ReaQta version. If the version is between 3.12 and 3.12.23 inclusive, the system is vulnerable.

Check Version:

Check via IBM QRadar EDR/ReaQta administration interface or consult IBM documentation for version query commands.

Verify Fix Applied:

Verify that the version has been updated beyond 3.12.23 and confirm that cryptographic settings use strong algorithms (e.g., AES-256, SHA-256).
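An added example (not IBM's own tooling) for the version check above: it compares version components numerically, because a plain string comparison mis-orders releases such as 3.12.3 and 3.12.23. The range bounds are taken from this advisory; the version strings fed to it are constructed samples.

```python
# Added example: classify a QRadar EDR / ReaQta version string against the
# affected range 3.12 through 3.12.23 inclusive (bounds from the advisory).
from typing import Dict, Iterable, Tuple

AFFECTED_MIN = (3, 12, 0)   # "3.12" is treated as 3.12.0
AFFECTED_MAX = (3, 12, 23)


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'MAJOR.MINOR[.PATCH]' into a tuple of ints; a missing patch is 0."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_affected(text: str) -> bool:
    """True when the version falls inside the affected range (inclusive)."""
    # Tuple comparison is element-wise and numeric, so 3.12.3 < 3.12.23 holds,
    # whereas the string comparison "3.12.3" < "3.12.23" is False.
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def assess(versions: Iterable[str]) -> Dict[str, bool]:
    """Map each version string to whether it is affected."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    for ver, hit in assess(["3.12", "3.12.3", "3.12.23", "3.12.24", "3.11.9"]).items():
        print(f"{ver:>8}: {'AFFECTED' if hit else 'not affected'}")
```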

📡 Detection & Monitoring

Log Indicators:

  • Unusual cryptographic operations or errors in application logs
  • Failed decryption attempts or cryptographic protocol violations

Network Indicators:

  • Unusual traffic patterns to/from QRadar EDR/ReaQta systems
  • Suspicious decryption-related network activity

SIEM Query:

(source="qradar_edr" OR source="reaqta") AND (event_type="crypto_error" OR event_type="decryption_failure")
