CVE-2025-3631

Summary

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Affected Software

VendorProductVersion RangeStatus
IBMMQ9.3.2.0 CD <= 9.3.5.1 CDaffected
IBMMQ9.4.0.0 <= 9.4.2.1 CDaffected
IBMMQ9.4.0.0 LTS <= 9.4.0.11 LTSaffected
IBMMQ Appliance9.3.2.0 CD <= 9.3.5.2 CDaffected
IBMMQ Appliance9.4.0.0 LTS <= 9.4.0.11 LTSaffected
IBMMQ Appliance9.4.1.0 CD <= 9.4.2.1 CDaffected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References