Unrated severityNVD Advisory· Published Oct 16, 2025· Updated Oct 16, 2025

IBM MQ denial of service

CVE-2025-36128

Description

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

Affected products

IBM/MQv52 versions
cpe:2.3:a:ibm:mq:9.1.0:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:a:ibm:mq:9.1.0:*:*:*:lts:*:*:*range: 9.1
- cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*range: 9.3
IBM/MQllm-fuzzy
Range: 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7244480mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000