CVE-2025-13995
Received Received - Intake
Unauthorized Data Access in IBM QRadar SIEM Tenant Isolation Flaw

Publication date: 2026-03-19

Last updated on: 2026-03-23

Assigner: IBM Corporation

Description
IBM QRadar SIEMΒ 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13995
EUVD
EUVD-2025-208850
Affected Vendors & Products
Showing 15 associated CPEs
Vendor Product Version / Range
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-13995 is an information disclosure vulnerability in IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14. It allows an attacker who has access to one tenant's account to retrieve hostname data from another tenant's account. This issue is related to incorrect user management, classified under CWE-286."}] [1]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of hostname information across tenant boundaries within IBM QRadar SIEM. An attacker with access to one tenant could gain insight into the network infrastructure of another tenant, potentially aiding further attacks or reconnaissance. The vulnerability has a CVSS v3.1 base score of 5.0, indicating a moderate severity with network attack vector and low attack complexity.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

IBM strongly recommends updating affected QRadar SIEM systems to version 7.5.0 UP15 to remediate this vulnerability.

No workarounds or mitigations are provided in the security bulletin.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13995. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart