CVE-2025-13995
Unauthorized Data Access in IBM QRadar SIEM Tenant Isolation Flaw
Publication date: 2026-03-19
Last updated on: 2026-03-23
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2025-13995 is an information disclosure vulnerability in IBM QRadar SIEM versions 7.5.0 through 7.5.0 Update Package 14. It allows an attacker who has access to one tenant's account to retrieve hostname data from another tenant's account. This issue is related to incorrect user management, classified under CWE-286."}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of hostname information across tenant boundaries within IBM QRadar SIEM. An attacker with access to one tenant could gain insight into the network infrastructure of another tenant, potentially aiding further attacks or reconnaissance. The vulnerability has a CVSS v3.1 base score of 5.0, indicating a moderate severity with network attack vector and low attack complexity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
IBM strongly recommends updating affected QRadar SIEM systems to version 7.5.0 UP15 to remediate this vulnerability.
No workarounds or mitigations are provided in the security bulletin.