PT-2025-23628 · IBM · IBM Cloud Pak for Security, IBM QRadar Suite

Ben Goodspeed +5 · Published 2025-06-03 · Updated 2025-08-12 · CVE-2025-25019

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0
IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Description

The issue arises because the software does not invalidate a session after a user logs out, potentially allowing a user to impersonate another user on the system.

Recommendations

For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version that properly invalidates sessions after logout.
For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that properly invalidates sessions after logout.

Fix

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

BDU:2025-06509
CVE-2025-25019

Affected Products

IBM Cloud Pak for Security
IBM QRadar Suite