CVE-2025-1823: CWE-770 Allocation of Resources Without Limits or Throttling in IBM Jazz Reporting Service
CVE-2025-1823 is a low-severity vulnerability in IBM Jazz Reporting Service versions 7.1 and 7.0.3 that allows an authenticated user on the host network to cause a denial of service by submitting specially crafted SQL queries that consume excessive memory resources. The flaw stems from the allocation of resources without proper limits or throttling (CWE-770). Exploitation requires low privileges and no user interaction but is limited to authenticated users within the host network. While no known exploits are currently in the wild, successful attacks could disrupt reporting services by exhausting memory, impacting availability. The vulnerability does not affect confidentiality or integrity and has a CVSS score of 3.5. European organizations using affected IBM Jazz Reporting Service versions should monitor for patches and restrict access to trusted users to mitigate risk.
AI Analysis
Technical Summary
CVE-2025-1823 identifies a resource exhaustion vulnerability in IBM Jazz Reporting Service versions 7.1 and 7.0.3. The root cause is the lack of limits or throttling on resource allocation when processing SQL queries, classified under CWE-770 (Allocation of Resources Without Limits or Throttling). An authenticated user on the host network can craft SQL queries that consume excessive memory, leading to denial of service (DoS) by exhausting system resources. The attack vector requires network access with authentication privileges but does not require user interaction beyond submitting the malicious query. The vulnerability affects availability only, with no impact on confidentiality or integrity. The CVSS 3.1 base score is 3.5, reflecting low severity due to the limited attack surface and requirement for authentication. No known public exploits exist, and no patches have been linked yet. The vulnerability was published on February 4, 2026, with IBM as the vendor and Jazz Reporting Service as the affected product. This service is typically used in enterprise environments for reporting and analytics, making availability critical for business operations.
Potential Impact
For European organizations, exploitation of this vulnerability could result in denial of service conditions in IBM Jazz Reporting Service environments, disrupting reporting and analytics capabilities. This could delay decision-making processes and impact operational efficiency, especially in sectors relying heavily on real-time data analysis such as finance, manufacturing, and public services. Since the vulnerability requires authenticated access on the host network, the risk is higher in environments with weak internal access controls or where the service is exposed to larger internal user bases. Although there is no impact on confidentiality or integrity, availability degradation can still cause significant business interruptions. Organizations with compliance requirements around service availability and uptime (e.g., financial institutions under PSD2 or healthcare under GDPR-related operational mandates) may face indirect regulatory or reputational consequences if service disruptions occur.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement strict network segmentation and access controls to limit authenticated user access to the Jazz Reporting Service host network. Employing role-based access control (RBAC) to restrict who can execute SQL queries within the service is critical. Monitoring and logging query patterns can help detect abnormal resource consumption early. Since no official patches are currently available, organizations should consider deploying application-layer firewalls or query throttling mechanisms to limit resource-intensive queries. Regularly updating IBM Jazz Reporting Service to the latest versions once patches are released is essential. Additionally, conducting internal audits to identify and remove unnecessary user privileges and enforcing strong authentication methods will reduce the attack surface. Incident response plans should include procedures for detecting and mitigating denial of service conditions caused by resource exhaustion.
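The two compensating controls named above, query throttling and monitoring for abnormal resource consumption, are the generic remedy for CWE-770: bound every resource a single principal can claim, and log each refusal so repeated pressure from one account becomes visible. The following is an added example written for this page; it is not IBM code and has nothing to do with how Jazz Reporting Service is implemented internally. It assumes a hypothetical admission gate sitting in front of a query engine, with an estimated row count standing in for the cost estimate a real planner would provide. The limits, user names and timings are constructed.

```python
"""Admission gate for a query service: per-user rate limit, per-user concurrency cap,
and a per-query resource budget, with an audit log for detection (hypothetical example)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class QueryLimits:
    max_queries_per_window: int = 5      # queries per user in a sliding window
    window_seconds: float = 60.0
    max_estimated_rows: int = 100_000    # reject plans estimated above this cost
    max_concurrent_per_user: int = 2     # in-flight queries per user


@dataclass
class QueryGate:
    limits: QueryLimits = field(default_factory=QueryLimits)
    history: dict = field(default_factory=lambda: defaultdict(deque))  # user -> admit timestamps
    running: dict = field(default_factory=lambda: defaultdict(int))    # user -> in-flight count
    audit_log: list = field(default_factory=list)

    def _record(self, now, user, decision, reason, rows):
        self.audit_log.append({"t": now, "user": user, "decision": decision,
                               "reason": reason, "estimated_rows": rows})

    def admit(self, user: str, estimated_rows: int, now: float) -> bool:
        """Decide whether a query may run. Every refusal is logged with its reason."""
        window = self.history[user]
        # Drop admissions that have aged out of the sliding window.
        while window and now - window[0] >= self.limits.window_seconds:
            window.popleft()
        if estimated_rows > self.limits.max_estimated_rows:
            self._record(now, user, "reject", "over_row_budget", estimated_rows)
            return False
        if self.running[user] >= self.limits.max_concurrent_per_user:
            self._record(now, user, "reject", "too_many_concurrent", estimated_rows)
            return False
        if len(window) >= self.limits.max_queries_per_window:
            self._record(now, user, "reject", "rate_limited", estimated_rows)
            return False
        window.append(now)
        self.running[user] += 1
        self._record(now, user, "admit", "ok", estimated_rows)
        return True

    def release(self, user: str) -> None:
        """Call when a query finishes so the concurrency slot is returned."""
        if self.running[user] > 0:
            self.running[user] -= 1


def users_with_repeated_rejects(audit_log, threshold=3):
    """Detection helper: users whose queries were refused at least `threshold` times."""
    counts = defaultdict(int)
    for entry in audit_log:
        if entry["decision"] == "reject":
            counts[entry["user"]] += 1
    return sorted(user for user, n in counts.items() if n >= threshold)


def run_scenario():
    """Constructed traffic: a burst, one oversized plan, and a concurrency pile-up."""
    gate = QueryGate()
    # alice submits 7 cheap queries in 7 seconds, each finishing immediately
    for t in range(7):
        if gate.admit("alice", 10_000, now=float(t)):
            gate.release("alice")
    # bob submits a single plan far above the row budget
    gate.admit("bob", 5_000_000, now=10.0)
    # carol starts three queries without any finishing
    for t in (20.0, 21.0, 22.0):
        gate.admit("carol", 50_000, now=t)
    # alice's burst has aged out of the 60 s window by now
    late_ok = gate.admit("alice", 10_000, now=65.0)
    return {
        "admitted": sum(e["decision"] == "admit" for e in gate.audit_log),
        "rejected": [(e["user"], e["reason"]) for e in gate.audit_log if e["decision"] == "reject"],
        "late_ok": late_ok,
        "flagged": users_with_repeated_rejects(gate.audit_log, threshold=2),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The three checks are independent on purpose: a burst of cheap queries, one expensive query, and a pile-up of slow queries are different ways to exhaust memory, and each needs its own bound. The audit log feeds the monitoring recommendation: repeated refusals for one account are the signal worth alerting on, whether they come from misuse or from a misbehaving report.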
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: ibm
- Date Reserved: 2025-03-01T14:39:33.891Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6983b6ddf9fa50a62fad28fd
Added to database: 2/4/2026, 9:15:09 PM
Last enriched: 2/12/2026, 7:38:35 AM
Last updated: 3/24/2026, 12:05:56 AM