CVE-2025-3631

IBM MQ denial of service

Description

An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

Solution:

This issue was addressed under known issue DT435291 . IBM MQ version 9.4 LTS Apply fix pack 9.4.0.12 IBM MQ version 9.3 CD and 9.4 CD Upgrade to IBM MQ version 9.4.3 IBM MQ Appliance version 9.3 CD Upgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware. IBM MQ Appliance version 9.4 LTS Apply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.

Link	Tags
https://www.ibm.com/support/pages/node/7238310	vendor advisory
https://www.ibm.com/support/pages/node/7237025	vendor advisory

What is the severity of CVE-2025-3631?: CVE-2025-3631 has been scored as a medium severity vulnerability.
How to fix CVE-2025-3631?: To fix CVE-2025-3631: This issue was addressed under known issue DT435291 . IBM MQ version 9.4 LTS Apply fix pack 9.4.0.12 IBM MQ version 9.3 CD and 9.4 CD Upgrade to IBM MQ version 9.4.3 IBM MQ Appliance version 9.3 CD Upgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware. IBM MQ Appliance version 9.4 LTS Apply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware. IBM MQ Appliance version 9.4 CD Apply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.
Is CVE-2025-3631 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-3631 is being actively exploited.
What software or system is affected by CVE-2025-3631?: CVE-2025-3631 affects IBM MQ, IBM MQ Appliance.