PT-2025-42497 · IBM · IBM MQ
Published 2025-10-16 · Updated 2025-10-28
CVE-2025-36128
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
IBM MQ versions 9.1 through 9.4 LTS
IBM MQ versions 9.3 through 9.4 CD
Description
IBM MQ does not properly enforce timeouts on individual read operations. A remote attacker can exploit this to cause a denial of service through slowloris-type attacks, which exhaust server resources by holding open numerous slow or incomplete connections.
Recommendations
For IBM MQ versions 9.1 through 9.4 LTS, ensure proper enforcement of timeouts on individual read operations.
For IBM MQ versions 9.3 through 9.4 CD, ensure proper enforcement of timeouts on individual read operations.
Fix
DoS
Missing Release of Resource after Effective Lifetime
Weakness Enumeration
Related Identifiers
Affected Products
IBM MQ