Unrated severityNVD Advisory· Published Sep 7, 2025· Updated Oct 9, 2025
IBM MQ information disclosure
CVE-2025-36100
Description
IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- IBM/MQv52 versions
cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:a:ibm:mq:9.1.0.0:*:*:*:lts:*:*:*range: 9.1.0.0
- cpe:2.3:a:ibm:mq:9.3.0.0:*:*:*:continuous_delivery:*:*:*range: 9.3.0.0
Patches
Vulnerability mechanics
References
1- www.ibm.com/support/pages/node/7243544mitrevendor-advisorypatch
News mentions
0No linked articles in our index yet.