CVE-2025-33119

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.

Weakness

The product stores a password in a configuration file that might be accessible to actors who do not know the password.

Affected Software

Potential Mitigations

References

https://www.ibm.com/support/pages/node/7250932

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-33119
CWE	https://cwe.mitre.org/data/definitions/260.html

Name	Vendor	Start Version	End Version
Qradar_security_information_and_event_manager	Ibm	7.5.0 (including)	7.5.0 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_1 (including)	7.5.0-update_pack_1 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_10 (including)	7.5.0-update_pack_10 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_11 (including)	7.5.0-update_pack_11 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_12 (including)	7.5.0-update_pack_12 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13 (including)	7.5.0-update_pack_13 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13_interim_fix_01 (including)	7.5.0-update_pack_13_interim_fix_01 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13_interim_fix_02 (including)	7.5.0-update_pack_13_interim_fix_02 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_14 (including)	7.5.0-update_pack_14 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_2 (including)	7.5.0-update_pack_2 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_3 (including)	7.5.0-update_pack_3 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_4 (including)	7.5.0-update_pack_4 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_5 (including)	7.5.0-update_pack_5 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_6 (including)	7.5.0-update_pack_6 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_7 (including)	7.5.0-update_pack_7 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_8 (including)	7.5.0-update_pack_8 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_9 (including)	7.5.0-update_pack_9 (including)

Password in Configuration File

Weakness

Affected Software

Potential Mitigations

References