CVE-2025-36138: 
IBM QRadar SIEM vulnerability analysis and mitigation

CVE-2025-36138 affects IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02. The vulnerability was discovered and disclosed on October 27, 2025, and involves a stored cross-site scripting (XSS) vulnerability that affects the Web UI interface (NVD, IBM Advisory).

The vulnerability is a stored cross-site scripting (XSS) issue identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has been assigned a CVSS v3.1 base score of 6.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The vulnerability requires network access and low privilege level to exploit, but does not require user interaction (NVD).

A successful exploitation of this vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI. This can alter the intended functionality of the application and potentially lead to credentials disclosure within a trusted session (IBM Advisory).

IBM has released QRadar 7.5.0 UP14 to address this vulnerability. The vendor recommends customers update their systems promptly to this version. No temporary workarounds have been provided (IBM Advisory).

The vulnerability was reported to IBM by Fahimhusain Raydurg, a security researcher (IBM Advisory).