PT-2026-20223 · IBM · IBM MQ +3
Published: 2026-02-17 · Updated: 2026-02-17
CVE-2025-12755
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
IBM MQ versions 3.2.0 through 3.8.1
IBM MQ LTS versions 2.0.0 through 2.0.29
IBM MQ 9.3.x versions
IBM MQ 9.4.x versions
Description
The software contains a flaw where log messages are not properly neutralized before being written to log files. This could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log-processing issues.
Recommendations
Update IBM MQ to a version later than 3.8.1.
Update IBM MQ LTS to a version later than 2.0.29.
Update IBM MQ 9.3.x to a later release.
Update IBM MQ 9.4.x to a later release.
Affected Products
IBM MQ
IBM MQ 9.3.x
IBM MQ 9.4.x
IBM MQ LTS