{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3631", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T09:48:13.276Z", "datePublished": "2025-07-11T18:37:38.769Z", "dateUpdated": "2025-08-18T01:35:24.388Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"], "defaultStatus": "unaffected", "product": "MQ", "vendor": "IBM", "versions": [{"lessThanOrEqual": "9.3.5.1 CD", "status": "affected", "version": "9.3.2.0 CD", "versionType": "semver"}, {"lessThanOrEqual": "9.4.2.1 CD", "status": "affected", "version": "9.4.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.4.0.11 LTS", "status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver"}]}, {"cpes": ["cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"], "defaultStatus": "unaffected", "product": "MQ Appliance", "vendor": "IBM", "versions": [{"lessThanOrEqual": "9.3.5.2 CD", "status": "affected", "version": "9.3.2.0 CD", "versionType": "semver"}, {"lessThanOrEqual": "9.4.0.11 LTS", "status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver"}, {"lessThanOrEqual": "9.4.2.1 CD", "status": "affected", "version": "9.4.1.0 CD", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."}], "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:35:24.388Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7238310"}, {"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7237025"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This issue was addressed under known issue DT435291 .<br><br>IBM MQ version 9.4 LTS<br><br>Apply fix pack 9.4.0.12<br><br>IBM MQ version 9.3 CD and 9.4 CD<br><br>Upgrade to IBM MQ version 9.4.3<br><br><div><div><div><div>IBM MQ Appliance version 9.3 CD</div></div></div><div><div><div>Upgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div></div></div><div>&nbsp;<div><div>IBM MQ Appliance version 9.4 LTS</div><div><div>Apply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div>&nbsp;<div>IBM MQ Appliance version 9.4 CD</div><div>Apply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.</div></div></div></div></div>\n\n<br>"}], "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware."}], "source": {"discovery": "UNKNOWN"}, "title": "IBM MQ denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T18:51:57.975695Z", "id": "CVE-2025-3631", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T18:52:08.264Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3631", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T18:51:57.975695Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T18:52:00.944Z"}}], "cna": {"title": "IBM MQ denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:mq:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.3.5.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.2.1:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq:9.4.0.11:*:*:*:lts:*:*:*"], "vendor": "IBM", "product": "MQ", "versions": [{"status": "affected", "version": "9.3.2.0 CD", "versionType": "semver", "lessThanOrEqual": "9.3.5.1 CD"}, {"status": "affected", "version": "9.4.0.0", "versionType": "semver", "lessThanOrEqual": "9.4.2.1 CD"}, {"status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.4.0.11 LTS"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:ibm:mq_appliance:9.3.2.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.3.5.2:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.0:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.0.11:*:*:*:lts:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.1.0:*:*:*:continuous_delivery:*:*:*", "cpe:2.3:a:ibm:mq_appliance:9.4.2.1:*:*:*:continuous_delivery:*:*:*"], "vendor": "IBM", "product": "MQ Appliance", "versions": [{"status": "affected", "version": "9.3.2.0 CD", "versionType": "semver", "lessThanOrEqual": "9.3.5.2 CD"}, {"status": "affected", "version": "9.4.0.0 LTS", "versionType": "semver", "lessThanOrEqual": "9.4.0.11 LTS"}, {"status": "affected", "version": "9.4.1.0 CD", "versionType": "semver", "lessThanOrEqual": "9.4.2.1 CD"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was addressed under known issue DT435291 .\n\nIBM MQ version 9.4 LTS\n\nApply fix pack 9.4.0.12\n\nIBM MQ version 9.3 CD and 9.4 CD\n\nUpgrade to IBM MQ version 9.4.3\n\nIBM MQ Appliance version 9.3 CD\n\n\n\n\n\nUpgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\n\n\n\n\u00a0IBM MQ Appliance version 9.4 LTS\n\nApply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.\n\n\u00a0IBM MQ Appliance version 9.4 CD\n\nApply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.", "supportingMedia": [{"type": "text/html", "value": "This issue was addressed under known issue DT435291 .<br><br>IBM MQ version 9.4 LTS<br><br>Apply fix pack 9.4.0.12<br><br>IBM MQ version 9.3 CD and 9.4 CD<br><br>Upgrade to IBM MQ version 9.4.3<br><br><div><div><div><div>IBM MQ Appliance version 9.3 CD</div></div></div><div><div><div>Upgrade to IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div></div></div><div>&nbsp;<div><div>IBM MQ Appliance version 9.4 LTS</div><div><div>Apply IBM MQ Appliance cumulative security update 9.4.0.12, or later firmware.</div>&nbsp;<div>IBM MQ Appliance version 9.4 CD</div><div>Apply IBM MQ Appliance cumulative security update 9.4.3.0, or later firmware.</div></div></div></div></div>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7238310", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.ibm.com/support/pages/node/7237025", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.", "supportingMedia": [{"type": "text/html", "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-08-18T01:35:24.388Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3631", "state": "PUBLISHED", "dateUpdated": "2025-08-18T01:35:24.388Z", "dateReserved": "2025-04-15T09:48:13.276Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-07-11T18:37:38.769Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "BA8A634C-E4C9-4323-92F7-600578B7762D", "versionEndIncluding": "9.3.5.2", "versionStartIncluding": "9.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "matchCriteriaId": "E7911CD0-3FAA-4639-8150-BFC28A615F94", "versionEndExcluding": "9.4.0.12", "versionStartIncluding": "9.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:continuous_delivery:*:*:*", "matchCriteriaId": "F5AD9525-FE94-4672-8F7E-66C69C1BE460", "versionEndExcluding": "9.4.3", "versionStartIncluding": "9.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:mq_appliance:*:*:*:*:lts:*:*:*", "matchCriteriaId": "E1142B22-8707-4DE4-AFFD-F6CC735459A8", "versionEndExcluding": "9.4.3.0", "versionStartIncluding": "9.4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it."}, {"lang": "es", "value": "Un cliente de IBM MQ 9.3 y 9.4 que se conecta a un gestor de colas de MQ puede provocar un SIGSEGV en el proceso del canal AMQRMPPA que lo finalice."}], "id": "CVE-2025-3631", "lastModified": "2025-07-23T19:08:03.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-11T19:15:23.433", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7237025"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7238310"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}