CVE-2025-33013

Summary

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release.

Affected Software

VendorProductVersion RangeStatus
IBMMQ Operator2.0.0 LTS <= 2.0.29 LTSaffected
IBMMQ Operator3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CDaffected
IBMMQ Operator3.2.0 SC2 <= 3.2.13 SC2affected

Weaknesses

  • CWE-244: CWE-244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References