SB2025072909 - Multiple vulnerabilities in IBM QRadar Investigation Assistant

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025072909

SB2025072909 - Multiple vulnerabilities in IBM QRadar Investigation Assistant

Published: July 29, 2025

Security Bulletin ID SB2025072909
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 17% Medium 17% Low 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Protection Mechanism Failure (CVE-ID: CVE-2025-50181)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries. A remote attacker can force the library to follow redirects even if explicitly disabled with PoolManager.


2) Protection Mechanism Failure (CVE-ID: CVE-2025-50182)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Redirect object when handling redirects and retries in a Pyodide runtime. A remote attacker can force the library to follow redirects even if explicitly disabled.


3) Inefficient regular expression complexity (CVE-ID: CVE-2025-5889)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote user can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


4) Cryptographic issues (CVE-ID: CVE-2025-47278)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the way fallback key configuration was handled. The application used the last fallback key for signing, rather than the current signing key, which could potentially lead to data tampering.


5) Insufficiently protected credentials (CVE-ID: CVE-2024-47081)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the library leaks .netrc credentials to third parties for specific maliciously-crafted URLs. A remote attacker can gain access to sensitive information. 


6) Path traversal (CVE-ID: CVE-2025-48387)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an issue where an extract can write outside the specified dir with a specific tarball. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


Remediation

Install update from vendor's website.

References