CVE-2025-33121

High CVSS 7.1

Overview

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CWE: CWE-611 Published: 2025-06-19T18:15:21.470

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.1 (HIGH)
Detected tags: info_leak, xxe (tag impact: MODERATE)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Disable external entities in XML parsers; use safe libraries.

Overview

Recommended tools

Tags