CVE-2025-23225

🗓️ 28 Feb 2025 02:23:30Reported by ibmType

IBM MQ versions may allow denial of service through improper handling of invalid headers.

Reporter	Title	Published	Views	Family All 15
IBM Security Bulletins	Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2025-23225)	27 Feb 202520:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ for HPE NonStop Server is affected by denial of service vulnerability (CVE-2025-23225)	15 May 202514:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl	28 Feb 202507:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-23225)	27 Feb 202520:38	–	ibm
Circl	CVE-2025-23225	28 Feb 202503:26	–	circl
CNNVD	IBM MQ 安全漏洞	28 Feb 202500:00	–	cnnvd
CNVD	IBM MQ Denial of Service Vulnerability (CNVD-2025-05564)	13 Mar 202500:00	–	cnvd
Cvelist	CVE-2025-23225 IBM MQ denial of service	28 Feb 202502:23	–	cvelist
EUVD	EUVD-2025-5483	3 Oct 202520:07	–	euvd
Tenable Nessus	IBM MQ DoS (7184327)	14 Mar 202500:00	–	nessus

NVD

Vulners

Node

ibm mq_applianceRange≤9.4.2continuous_delivery

ibm mq_applianceRange9.3.0.0–9.3.0.27lts

ibm mq_applianceRange9.4.0.0–9.4.0.10lts

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq:9.3.0:*:*:*:continuous_delivery:*:*:*",
      "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:lts:*:*:*",
      "cpe:2.3:a:ibm:mq:9.4.0:*:*:*:continuous_delivery:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "MQ",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7183372

03 Jul 2025 20:25Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.00184

SSVC

CWE-230

cve-2025-23225 ibm mq denial of service invalid headers