ByteOS Network

CVE Vulnerability Details :

CVE-2025-12755

PUBLISHED

More Info Official Page

Assigner-ibm

Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522

Published At-17 Feb, 2026 | 18:49

Updated At-17 Feb, 2026 | 20:00

▼CVE Numbering Authority (CNA)

Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues.

Affected Products

Vendor

IBM Corporation

Product

MQ Operator

CPEs

cpe:2.3:a:ibm:mq_operator:3.2.21:*:*:*:*:*:*:*

Versions

Affected

From SC2: v3.2.0 through 3.2.21 (semver)
From CD: v3.3.0 through 3.8.1 (semver)
From LTS: v2.0.0 through 2.0.29 (semver)

Vendor

IBM Corporation

Product

supplied MQ Advanced container images

CPEs

cpe:2.3:a:ibm:mq_advanced:9.4.0.6-r1:*:*:*:*:*:*:*

Versions

Affected

From SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1, 9.4.0.10-r2, 9.4.0.11-r1, 9.4.0.11-r2, 9.4.0.11-r3, 9.4.0.12-r1, 9.4.0.15-r1 - 9.4.0.15-r4, 9.4.0.16-r1, 9.4.0.16-r2, 9.4.0.17-r1CD: 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1, 9.4.2.0-r1, 9.4.2.0-r2, 9.4.2.1-r1, 9.4.2.1-r2, 9.4.3.0-r1, 9.4.3.0-r2, 9.4.3.1-r1 - 9.4.3.1-r3, 9.4.4.0-r1 - 9.4.4.0-r4, 9.4.4.1-r1LTS: 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-117	CWE-117 Improper Output Neutralization for Logs

Type: CWE

CWE ID: CWE-117

Description: CWE-117 Improper Output Neutralization for Logs

Metrics

Version	Base score	Base severity	Vector
3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Solutions

Issues mentioned by this security bulletin are addressed in - * IBM MQ Operator v3.9.0 CD release that included IBM supplied MQ Advanced 9.4.5.0-r1 container image. * IBM MQ Operator v3.2.22 SC2 release that included IBM supplied MQ Advanced 9.4.0.17-r2 container image. * IBM MQ Container 9.4.5.0-r1 release. IBM strongly recommends applying the latest container images.

References

Hyperlink	Resource
https://www.ibm.com/support/pages/node/7260087	vendor-advisory patch

Hyperlink: https://www.ibm.com/support/pages/node/7260087

Resource:

vendor-advisory

patch

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References