CVE-2025-36128: CWE-772 Missing Release of Resource after Effective Lifetime in IBM MQ
IBM MQ 9.1, 9.2, 9.3 and 9.4 LTS, and 9.3 and 9.4 CD, are vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.
AI Analysis
Technical Summary
CVE-2025-36128 is a vulnerability identified in IBM MQ versions 9.1, 9.2, 9.3, and 9.4 (both LTS and CD releases) that allows remote attackers to cause a denial of service (DoS) condition. The root cause is classified under CWE-772 (Missing Release of Resource after Effective Lifetime): IBM MQ does not properly enforce the timeout on individual read operations, so the resources tied to a connection whose read never completes are not released when they should be. This can be exploited by slowloris-type attacks, which open many connections to a target and send partial requests very slowly, exhausting server resources and preventing legitimate connections. In this case, an attacker can maintain numerous slow connections to IBM MQ, causing it to hold resources indefinitely and eventually leading to service unavailability. The vulnerability requires no authentication or user interaction, and the attack can be launched remotely over the network. The CVSS v3.1 base score is 7.5, indicating high severity due to the impact on availability (A:H), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). No known exploits have been reported in the wild yet, but the nature of the vulnerability and the widespread use of IBM MQ in enterprise messaging make it a critical concern. IBM has not yet published patches or mitigation details, but organizations should prepare to apply updates once available and consider interim protective measures.
Potential Impact
The primary impact of CVE-2025-36128 is a denial of service condition that affects the availability of IBM MQ services. IBM MQ is widely used in enterprise environments for reliable message queuing and integration between applications, especially in financial services, manufacturing, telecommunications, and government sectors. Disruption of MQ services can halt critical business processes, delay transaction processing, and cause cascading failures in interconnected systems. For European organizations, this can translate into operational downtime, financial losses, and reputational damage. Industries with stringent uptime requirements, such as banking and healthcare, are particularly vulnerable. Additionally, prolonged DoS conditions may trigger regulatory scrutiny under frameworks like GDPR if service disruptions impact personal data processing. Since the attack requires no authentication and can be launched remotely, the threat surface is broad, potentially affecting any exposed MQ endpoints. The lack of known exploits in the wild currently reduces immediate risk, but the vulnerability's characteristics make it a likely target for attackers once exploit code becomes available.
Mitigation Recommendations
1. Monitor IBM MQ service health and responsiveness closely to detect early signs of resource exhaustion or slowloris-style attacks.
2. Implement network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block slowloris attack patterns, including numerous slow or incomplete connections.
3. Configure IBM MQ connection and read operation timeouts to the lowest acceptable values to reduce the window for resource exhaustion.
4. Restrict network exposure of IBM MQ endpoints by limiting access to trusted IP ranges and using VPNs or private networks where possible.
5. Apply rate limiting and connection throttling on network devices to prevent excessive simultaneous connections from single sources.
6. Stay informed on IBM security advisories and apply official patches promptly once released.
7. Conduct regular security assessments and penetration tests focusing on MQ infrastructure to identify and remediate potential weaknesses.
8. Consider deploying redundant MQ instances and load balancing to improve resilience against DoS attacks.
9. Educate network and security teams about slowloris attack characteristics to improve detection and response capabilities.
Affected Countries
Germany, United Kingdom, France, Netherlands, Switzerland, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: ibm
- Date Reserved: 2025-04-15T21:16:18.171Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68f124619f8a5dbaeaea87b5
Added to database: 10/16/2025, 4:59:13 PM
Last enriched: 10/16/2025, 5:13:56 PM
Last updated: 10/19/2025, 10:34:46 AM