CVE-2025-12755 — MEDIUM (4.0)

Vulnerability Description

IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues.

CVSS Score

4.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-117

References

https://www.ibm.com/support/pages/node/7260087

FAQ

What is CVE-2025-12755?

CVE-2025-12755 is a vulnerability with a CVSS score of 4.0 (MEDIUM). IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages a...

How severe is CVE-2025-12755?

CVE-2025-12755 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-12755?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.