CVE-2025-36170: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is affected by a stored cross-site scripting vulnerability (CVE-2025-36170). The vulnerability was discovered and disclosed on October 27, 2025, and affects the Web UI component of the QRadar SIEM system. This security issue allows authenticated users to embed arbitrary JavaScript code in the Web UI (IBM Advisory).

The vulnerability is classified as a stored cross-site scripting (CWE-79) issue that affects the Web UI component. According to the CVSS v3.1 scoring, IBM Corporation initially rated it with a base score of 6.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The vulnerability requires low attack complexity and low privileges, with network-based attack vector and changed scope (NVD).

The exploitation of this vulnerability can lead to credentials disclosure within a trusted session. The attacker can alter the intended functionality of the Web UI by embedding malicious JavaScript code, potentially compromising user credentials and sensitive information (IBM Advisory).

IBM has released QRadar 7.5.0 UP14 as a fix for this vulnerability. The vendor encourages customers to update their systems promptly to this version. No temporary workarounds or mitigations have been provided (IBM Advisory).

The vulnerability was reported to IBM by security researcher Fahimhusain Raydurg (IBM Advisory).