CVE-2025-27365

IBM MQ Operator denial of service

Description

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Remediation

Solution:

Issues mentioned by this security bulletin are addressed in IBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. IBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image. IBM MQ Container 9.4.2.1-r1 release. IBM strongly recommends applying the latest container images.

References

Link	Tags
https://www.ibm.com/support/pages/node/7232272	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-27365?: CVE-2025-27365 has been scored as a medium severity vulnerability.
How to fix CVE-2025-27365?: To fix CVE-2025-27365: Issues mentioned by this security bulletin are addressed in IBM MQ Operator v3.5.2 CD release that included IBM supplied MQ Advanced 9.4.2.1-r1 container image. IBM MQ Operator v3.2.11 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r1 container image. IBM MQ Container 9.4.2.1-r1 release. IBM strongly recommends applying the latest container images.
Is CVE-2025-27365 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-27365 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-27365?: CVE-2025-27365 affects IBM MQ Operator.

Description

Remediation

Category

CWE-416 – Use After Free

References

Frequently Asked Questions