CVE Alert: CVE-2025-36128 – IBM – MQ

CVE-2025-36128

HIGH · No exploitation known

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

CVSS v3.1 (7.5)
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor
IBM
Product
MQ
Versions
9.1 LTS | 9.2 LTS | 9.3 LTS | 9.4 LTS | 9.3 CD | 9.4 CD
CWE
CWE-772 Missing Release of Resource after Effective Lifetime
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published
2025-10-16T16:49:26.251Z
Updated
2025-10-16T18:13:32.234Z
cpe:2.3:a:ibm:mq:9.1.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.2.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*
cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*
cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*

AI Summary Analysis

Risk verdict

High risk of remote denial of service if the MQ instance is reachable; patching and exposure assessment should be prioritised, especially where network-facing endpoints exist.

Why this matters

An unauthenticated remote attacker can hold connections to MQ open by sending data slowly or not at all. Because the timeout on individual read operations is not enforced, each such connection keeps the resources allocated to it (CWE-772), and the listener is gradually exhausted until message processing stalls. Where MQ carries critical integrations or message flows, the DoS can cascade into application downtime and missed service levels.

Most likely attack path

Exploitation is network-based, needs no privileges or user interaction, and is low complexity. An attacker opens many connections to the MQ listener and feeds each one a trickle of bytes, or nothing, so that the read never completes; since the per-read timeout is not enforced, every connection holds its slot and worker thread until the queue manager is starved. Scope is unchanged and only availability is affected (C:N/I:N/A:H). The traffic is low-bandwidth and easy to miss, so the pattern fits a patient attacker on the internet or on a poorly segmented internal network rather than a volumetric flood.

Who is most exposed

Organizations running IBM MQ 9.1–9.4 in production, especially where MQ endpoints are exposed directly to untrusted networks or poorly protected DMZs, are at greatest risk. CD and LTS deployments alike may be affected if not properly shielded.

Detection ideas

  • Spike in half-open/long-lived connections and elevated connection timeout messages.
  • Unusual CPU/memory usage on MQ nodes without corresponding business activity.
  • Logs showing repeated read-timeouts or backlog growth.
  • Where an HTTP front end exists (the mqweb console and REST API, or a reverse proxy in front of them), proxy/WAF logs showing many long-lived, low-byte requests from the same source. Native channel traffic (default port 1414) is not HTTP, so a WAF is not in the path for it; look at connection tracking or flow data instead.
  • Anomalous traffic from a small set of IPs or geographies.
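The first, second and last detection ideas above reduce to one question: which peers are holding many long-lived connections to the listener that have sent almost nothing? The following is an added example (not IBM code and not from the original alert) that answers it over a constructed snapshot of listener connections of the kind you could build from `ss -tni`, conntrack or a flow collector. The port, the age and byte thresholds, and the per-peer count are assumptions to tune per environment.

```python
"""Flag slowloris-style connection patterns against an IBM MQ listener.

Added example for this alert (not IBM code, not from the original page).
Input is a constructed snapshot of TCP connections to the listener. Each
record carries: peer IP, listener port, seconds since the connection was
established, and bytes received from the peer so far.
"""
from collections import defaultdict
from dataclasses import dataclass

MQ_LISTENER_PORT = 1414  # default MQ listener port (assumption; adjust to your queue manager)


@dataclass(frozen=True)
class Conn:
    peer: str
    port: int
    age_s: float   # seconds the connection has been open
    bytes_in: int  # bytes received from the peer over the connection's lifetime


# Thresholds are assumptions to tune per environment: a healthy client completes
# the channel handshake (several hundred bytes) within a few seconds.
MIN_AGE_S = 30.0
MAX_BYTES = 200
MIN_SUSPECT_CONNS = 5


def is_slow_conn(c: Conn) -> bool:
    """A listener connection that has sat open for a long time and sent almost nothing."""
    return c.port == MQ_LISTENER_PORT and c.age_s >= MIN_AGE_S and c.bytes_in <= MAX_BYTES


def suspect_sources(conns):
    """Return {peer_ip: count} for peers holding at least MIN_SUSPECT_CONNS slow connections."""
    per_peer = defaultdict(int)
    for c in conns:
        if is_slow_conn(c):
            per_peer[c.peer] += 1
    return {ip: n for ip, n in per_peer.items() if n >= MIN_SUSPECT_CONNS}


def slow_conn_ratio(conns):
    """Fraction of listener connections that are slow. A jump in this ratio is the
    'long-lived connections without matching business activity' signal."""
    listener = [c for c in conns if c.port == MQ_LISTENER_PORT]
    if not listener:
        return 0.0
    return sum(1 for c in listener if is_slow_conn(c)) / len(listener)


# Constructed sample snapshot: one peer (203.0.113.7) holding eight idle
# connections, two legitimate clients doing real work, one lone slow client,
# and one connection to a different port that this detector ignores.
SAMPLE = (
    [Conn("203.0.113.7", 1414, 120.0 + i, 48) for i in range(8)]
    + [
        Conn("10.1.2.3", 1414, 600.0, 1_250_000),  # busy, long-lived: legitimate
        Conn("10.1.2.4", 1414, 2.0, 90),           # just connected: too young to judge
        Conn("10.1.2.5", 1414, 45.0, 150),         # one slow connection: below per-peer threshold
        Conn("198.51.100.9", 9443, 300.0, 10),     # not the listener port, ignored
    ]
)

if __name__ == "__main__":
    print("suspect sources:", suspect_sources(SAMPLE))
    print(f"slow-connection ratio: {slow_conn_ratio(SAMPLE):.2f}")
```

The per-peer count matters: a single slow connection is ordinary (a client on a bad link, a paused application), whereas many from one source with the handshake never completing is the slowloris shape. Run it against periodic snapshots and alert on the ratio climbing while queue depths and message rates do not.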

Mitigation and prioritisation

  • Patch to latest supported version for affected lines; follow IBM advisory guidance.
  • Put a TCP-aware load balancer or proxy with strict idle and handshake timeouts in front of the listener and rate-limit new connections per source. Native channel traffic (default port 1414) is not HTTP, so request buffering and a WAF only help for the HTTP-based mqweb console and REST API.
  • Cap concurrent connections in MQ itself: MAXINST and MAXINSTC on SVRCONN channels, and MaxChannels/MaxActiveChannels in the Channels stanza of qm.ini. These bound how many slots one attacker can hold but do not restore the missing per-read timeout, so they complement the patch rather than replace it. Keep MQ isolated behind network segmentation.
  • Validate change management in non-production before rollout; schedule a maintenance window if required.
  • If KEV is present or EPSS ≥ 0.5, treat as priority 1. (No explicit KEV/EPSS flag shown here.)
