CVE-2025-1334: CWE-525 Information Exposure Through Browser Caching in IBM QRadar Suite Software

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-1334, cve, cve-2025-1334, cwe-525
Published: Tue Jun 03 2025 (06/03/2025, 15:18:40 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: QRadar Suite Software

Description

IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.

AI-Powered Analysis

Last updated: 08/25/2025, 00:35:53 UTC

Technical Analysis

CVE-2025-1334 is a medium-severity vulnerability affecting IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0. The vulnerability is categorized under CWE-525, information exposure through browser caching. The issue arises because web pages generated by these IBM security products are stored locally in the browser cache in a manner that allows them to be read by other users on the same system. Sensitive information displayed in the web interface of QRadar or Cloud Pak for Security could therefore be exposed to unauthorized users who have access to the same machine or user profile. The CVSS v3.1 base score is 4.0, indicating a medium severity level. The vector string (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) shows that the attack requires local access (AV:L), has low attack complexity (AC:L), requires no privileges (PR:N) or user interaction (UI:N), leaves the scope unchanged (S:U), and has a low impact on confidentiality (C:L) with no impact on integrity or availability (I:N/A:N). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. The vulnerability does not affect the integrity or availability of the system but can lead to unauthorized disclosure of sensitive information through cached web content. This is particularly relevant in multi-user environments where multiple users share the same workstation or user account, potentially allowing one user to access cached data from another user's session.

Potential Impact

For European organizations using IBM QRadar Suite or IBM Cloud Pak for Security, this vulnerability could lead to unauthorized disclosure of sensitive security monitoring data or incident response information. Since these products are often used for security event management and threat detection, exposure of such data could reveal details about network architecture, detected threats, or security policies. This could aid attackers in crafting more targeted attacks or bypassing security controls. The impact is heightened in environments where workstations are shared among multiple users or where endpoint security controls are insufficient to isolate user sessions. Confidentiality breaches could undermine compliance with European data protection regulations such as GDPR, especially if personal data or security incident details are exposed. Although the vulnerability does not allow remote exploitation, insider threats or attackers with local access could leverage this flaw to gain unauthorized insights. The lack of impact on integrity and availability limits the scope of damage, but the confidentiality risk remains significant in sensitive environments.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement strict endpoint security controls to prevent unauthorized local access to systems running IBM QRadar Suite or IBM Cloud Pak for Security. This includes enforcing strong user account separation, disabling shared user accounts, and applying least privilege principles. Organizations should limit caching of sensitive web pages by the browsers used to access these products, for example by enabling private browsing modes or, if possible, configuring cache-control headers. Additionally, organizations should monitor for updates or patches from IBM addressing this vulnerability and apply them promptly once available. As a temporary measure, restricting access to the affected web interfaces to trusted users and secure workstations can reduce risk. Regularly clearing browser caches and educating users about the risks of shared workstations can also help. Network segmentation and endpoint detection tools can further reduce the likelihood of local attackers exploiting cached data. Finally, auditing access logs and monitoring for unusual local access patterns can aid in early detection of exploitation attempts.
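One way to check the cache-control side of this mitigation, as an added example that is not part of the original advisory or IBM's code: the auditor below flags responses a browser is still allowed to write to its local cache. The paths and header values in `SAMPLES` are constructed for illustration and were not captured from QRadar or Cloud Pak for Security.

```python
def parse_cache_control(value):
    """Parse a Cache-Control header value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_cache_headers(headers):
    """Return (ok, findings); ok is True only when the response forbids local storage."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: the response may be written to the local cache")
        if "no-cache" in cc or cc.get("max-age") == "0":
            findings.append("no-cache/max-age=0 only force revalidation; the body can still be stored")
        if "private" in cc:
            findings.append("private excludes shared (proxy) caches, not the browser's own cache")
        if not cc:
            findings.append("no Cache-Control header: the browser may cache heuristically")
    return (not findings, findings)


def unsafe_paths(responses):
    """Return the sorted paths whose headers allow the browser to keep a local copy."""
    return sorted(p for p, hdrs in responses.items() if not audit_cache_headers(hdrs)[0])


# Constructed sample responses (hypothetical paths and header values).
SAMPLES = {
    "/app/alerts": {"Cache-Control": "private, max-age=0"},
    "/app/dashboard": {"Cache-Control": "no-cache, no-store, must-revalidate"},
    "/app/report.pdf": {"Last-Modified": "Tue, 03 Jun 2025 15:18:40 GMT"},
}

if __name__ == "__main__":
    for path in unsafe_paths(SAMPLES):
        print(path, audit_cache_headers(SAMPLES[path])[1])
```

Only `no-store` prevents the page from being kept on disk; `private` and `no-cache` alone leave a copy that another local user could read.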

Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-02-15T14:16:41.665Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f14ab182aa0cae2819e25

Added to database: 6/3/2025, 3:28:43 PM

Last enriched: 8/25/2025, 12:35:53 AM

Last updated: 9/26/2025, 2:20:57 PM
