PT-2025-18715 · Ibm · Ibm Mq Operator Sc2+2
Published
2025-05-01
·
Updated
2025-05-02
·
CVE-2025-27365
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
IBM MQ Operator LTS versions 2.0.0 through 2.0.29
IBM MQ Operator CD versions 3.0.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1
IBM MQ Operator SC2 versions 3.2.0 through 3.2.10
Description
A client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process, terminating it.
Recommendations
For IBM MQ Operator LTS versions 2.0.0 through 2.0.29, update to a version that contains a fix for this issue.
For IBM MQ Operator CD versions 3.0.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, update to a version that contains a fix for this issue.
For IBM MQ Operator SC2 versions 3.2.0 through 3.2.10, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the AMQRMPPA channel process to minimize the risk of exploitation.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Mq Operator
Ibm Mq Operator Lts
Ibm Mq Operator Sc2