CVE-2025-36041 MEDIUM

CVE-2025-36041: IBM MQ improper certificate validation

Vendor IBM
Product MQ Operator
Weakness CWE-295
Published June 15, 2025
Last update August 24, 2025

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01 Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key, which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Key dates

02 Disclosure timeline

June 15, 2025 CVE published
August 24, 2025 Record updated