CVE-2025-33013

IBM MQ Operator information disclosure

CVSS 6.2 MEDIUM · EPSS 0.1% · CWE-244
In short

IBM MQ Operator fails to properly erase sensitive data from memory before releasing it, allowing a local user to read leftover information like passwords or keys. This is a data leakage risk for systems using affected versions.

Technical detail

Improper heap memory clearing in IBM MQ Operator LTS, CD, and SC2 versions enables local privilege escalation or information disclosure. An unprivileged local user can inspect released memory segments to recover cryptographic material, credentials, or configuration secrets. The attack requires local system access and knowledge of the memory layout.

Summary generated and translated by AI from the official description.
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
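
The weakness class described above (CWE-244, heap memory released without being cleared), shown in C beside its hardened form. This is an added example, not IBM MQ Operator code; the one-block pool, the function names and the sample secret are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap: one reusable block. A private pool keeps
 * the demo deterministic and avoids reading freed malloc() memory (UB). */
#define BLOCK_SIZE 64
static unsigned char pool[BLOCK_SIZE];
static int in_use;

static void *pool_alloc(void) {
    if (in_use) return NULL;
    in_use = 1;
    return pool; /* like malloc(): contents are not initialised */
}

/* CWE-244 pattern: the block goes back to the allocator with the secret intact. */
static void release_unsafe(void *p) { (void)p; in_use = 0; }

/* Hardened release: wipe through a volatile pointer so the compiler cannot
 * discard the stores as dead writes, then hand the block back. */
static void release_cleared(void *p) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < BLOCK_SIZE; i++) v[i] = 0;
    in_use = 0;
}

/* Store a secret, release the block, then count how many secret bytes the
 * next owner of the same block can still read. */
size_t residue_after_release(const char *secret, int clear_first) {
    size_t len = strlen(secret), seen = 0;
    if (len > BLOCK_SIZE) len = BLOCK_SIZE;
    unsigned char *a = pool_alloc();
    if (!a) return 0;
    memcpy(a, secret, len);
    if (clear_first) release_cleared(a); else release_unsafe(a);
    unsigned char *b = pool_alloc(); /* next caller receives the same memory */
    for (size_t i = 0; i < len; i++)
        if (b[i] == (unsigned char)secret[i]) seen++;
    release_cleared(b);
    return seen;
}

int main(void) {
    const char *s = "constructed-passphrase"; /* constructed sample secret */
    printf("residue without clearing: %zu bytes\n", residue_after_release(s, 0));
    printf("residue with clearing:    %zu bytes\n", residue_after_release(s, 1));
    return 0;
}
```

In production C code the wipe is normally done with a library routine designed not to be optimised away, such as `explicit_bzero` or `memset_s`, where the platform provides one.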
Affected products
IBM · MQ Operator
