
CVE-2025-36128: CWE-772 Missing Release of Resource after Effective Lifetime in IBM MQ

Severity: High
Published: Thu Oct 16 2025 (10/16/2025, 16:49:26 UTC)
Source: CVE Database V5
Vendor/Project: IBM
Product: MQ

Description

IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service.

AI-Powered Analysis

Last updated: 10/16/2025, 17:13:56 UTC

Technical Analysis

CVE-2025-36128 is a vulnerability identified in IBM MQ versions 9.1, 9.2, 9.3, and 9.4 (both LTS and CD releases) that allows remote attackers to cause a denial of service (DoS) condition. The root cause is a missing release of resources after the effective lifetime of individual read operations, classified under CWE-772 (Missing Release of Resource after Effective Lifetime). Specifically, IBM MQ does not properly enforce timeouts on read operations, which can be exploited by slowloris-type attacks. Slowloris attacks work by opening many connections to a target and sending partial requests very slowly, thereby exhausting server resources and preventing legitimate connections. In this case, an attacker can maintain numerous slow connections to IBM MQ, causing it to hold resources indefinitely and eventually leading to service unavailability. The vulnerability requires no authentication or user interaction, and the attack can be launched remotely over the network. The CVSS v3.1 base score is 7.5, indicating high severity due to the impact on availability (A:H), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). No known exploits have been reported in the wild yet, but the nature of the vulnerability and the widespread use of IBM MQ in enterprise messaging make it a critical concern. IBM has not yet published patches or mitigation details, but organizations should prepare to apply updates once available and consider interim protective measures.
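
The gap between a timeout on each individual read and a bound on the whole operation can be shown with a small server-side reader. This is an added example, not IBM MQ code and not taken from the advisory. The 4-byte length-prefixed frame format and the names `read_frame`, `read_exact` and `SlowPeer` are assumptions made for illustration.

```python
import socket
import struct
import time


class SlowPeer(Exception):
    """Peer did not deliver a complete frame before the overall deadline."""


def read_exact(sock, n, deadline, per_read_timeout=5.0):
    """Read exactly n bytes, bounded by an absolute monotonic deadline.

    A per-read timeout on its own restarts every time a byte arrives, so a
    peer that trickles data can hold the connection open without limit.
    Capping each recv() at the time left until `deadline` bounds the whole read.
    """
    buf = bytearray()
    while len(buf) < n:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise SlowPeer(f"deadline reached with {len(buf)}/{n} bytes")
        sock.settimeout(min(per_read_timeout, remaining))
        try:
            chunk = sock.recv(n - len(buf))
        except socket.timeout:
            raise SlowPeer(f"read stalled with {len(buf)}/{n} bytes") from None
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return bytes(buf)


def read_frame(sock, total_timeout=10.0, max_len=1 << 20):
    """Read one length-prefixed frame (hypothetical format, not MQ's protocol)."""
    deadline = time.monotonic() + total_timeout
    try:
        (length,) = struct.unpack("!I", read_exact(sock, 4, deadline))
        if length > max_len:
            raise ValueError("frame too large")
        return read_exact(sock, length, deadline)
    except Exception:
        # CWE-772: release the descriptor as soon as the read fails,
        # instead of leaving it held for the lifetime of a stalled peer.
        sock.close()
        raise
```
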

Potential Impact

The primary impact of CVE-2025-36128 is a denial of service condition that affects the availability of IBM MQ services. IBM MQ is widely used in enterprise environments for reliable message queuing and integration between applications, especially in financial services, manufacturing, telecommunications, and government sectors. Disruption of MQ services can halt critical business processes, delay transaction processing, and cause cascading failures in interconnected systems. For European organizations, this can translate into operational downtime, financial losses, and reputational damage. Industries with stringent uptime requirements, such as banking and healthcare, are particularly vulnerable. Additionally, prolonged DoS conditions may trigger regulatory scrutiny under frameworks like GDPR if service disruptions impact personal data processing. Since the attack requires no authentication and can be launched remotely, the threat surface is broad, potentially affecting any exposed MQ endpoints. The lack of known exploits in the wild currently reduces immediate risk, but the vulnerability's characteristics make it a likely target for attackers once exploit code becomes available.

Mitigation Recommendations

1. Monitor IBM MQ service health and responsiveness closely to detect early signs of resource exhaustion or slowloris-style attacks.
2. Implement network-level protections such as Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) configured to detect and block slowloris attack patterns, including numerous slow or incomplete connections.
3. Configure IBM MQ connection and read operation timeouts to the lowest acceptable values to reduce the window for resource exhaustion.
4. Restrict network exposure of IBM MQ endpoints by limiting access to trusted IP ranges and using VPNs or private networks where possible.
5. Apply rate limiting and connection throttling on network devices to prevent excessive simultaneous connections from single sources.
6. Stay informed on IBM security advisories and apply official patches promptly once released.
7. Conduct regular security assessments and penetration tests focusing on MQ infrastructure to identify and remediate potential weaknesses.
8. Consider deploying redundant MQ instances and load balancing to improve resilience against DoS attacks.
9. Educate network and security teams about slowloris attack characteristics to improve detection and response capabilities.


Technical Details

Data Version: 5.1
Assigner Short Name: ibm
Date Reserved: 2025-04-15T21:16:18.171Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68f124619f8a5dbaeaea87b5

Added to database: 10/16/2025, 4:59:13 PM

Last enriched: 10/16/2025, 5:13:56 PM

Last updated: 10/19/2025, 10:34:46 AM
