What is the severity of CVE-2025-0985?

CVE-2025-0985 is classified as a medium severity vulnerability due to the risk of sensitive information exposure.

How do I fix CVE-2025-0985?

To fix CVE-2025-0985, review environment variable usage and restrict access to sensitive information.

Who is affected by CVE-2025-0985?

CVE-2025-0985 affects users of IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD.

What information can be exposed due to CVE-2025-0985?

CVE-2025-0985 can expose potentially sensitive information stored in environment variables.

Can a remote attacker exploit CVE-2025-0985?

No, CVE-2025-0985 requires local access to exploit the information stored in environment variables.

Vulnerability/
CVE-2025-0985

medium

6.5

CWE

526

28/2/2025

CVE-2025-0985: IBM MQ information disclosure

First published: Fri Feb 28 2025(Updated: )

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM MQ	<=SC2 (formerly LTS): v3.2.0 - v3.2.8CD: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1 LTS: v2.0.0 - 2.0.29 Other Release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
IBM MQ Advanced	<=CD: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1LTS: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1 Other Release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2

Never miss a vulnerability like this again

Reference Links

https://www.ibm.com/support/pages/node/7184453 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

IBM-7184453

Frequently Asked Questions

What is the severity of CVE-2025-0985?
CVE-2025-0985 is classified as a medium severity vulnerability due to the risk of sensitive information exposure.
How do I fix CVE-2025-0985?
To fix CVE-2025-0985, review environment variable usage and restrict access to sensitive information.
Who is affected by CVE-2025-0985?
CVE-2025-0985 affects users of IBM MQ versions 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD.
What information can be exposed due to CVE-2025-0985?
CVE-2025-0985 can expose potentially sensitive information stored in environment variables.
Can a remote attacker exploit CVE-2025-0985?
No, CVE-2025-0985 requires local access to exploit the information stored in environment variables.

collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/title
agent/author
agent/source
agent/type
agent/description
agent/first-publish-date
agent/softwarecombine
agent/event
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm mq
version/ibm mq/sc2 (formerly lts): v3.2.0 - v3.2.8cd: v3.0.0, v3.0.1, v3.1.0 - 3.1.3, v3.3.0, v3.4.0, v3.4.1 lts: v2.0.0 - 2.0.29 other release: v2.4.0 - v2.4.8, v2.3.0 - 2.3.3, v2.2.0 - v2.2.2
canonical/ibm mq advanced
version/ibm mq advanced/cd: 9.3.4.0-r1, 9.3.4.1-r1, 9.3.5.0-r1, 9.3.5.0-r2, 9.3.5.1-r1, 9.3.5.1-r2, 9.4.1.0-r1, 9.4.1.0-r2, 9.4.1.1-r1lts: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.0.10-r1, 9.3.0.10-r2, 9.3.0.11-r1,9.3.0.11-r2, 9.3.0.15-r1, 9.3.0.16-r1, 9.3.0.16-r2, 9.3.0.17-r1, 9.3.0.17-r2, 9.3.0.17-r3, 9.3.0.20-r1, 9.3.0.20-r2, 9.3.0.21-r1, 9.3.0.21-r2, 9.3.0.21-r3, 9.3.0.25-r1, 9.4.0.0-r1, 9.4.0.0-r2, 9.4.0.0-r3, 9.4.0.5-r1, 9.4.0.5-r2, 9.4.0.6-r1, 9.4.0.6-r2, 9.4.0.7-r1 other release: 9.2.0.1-r1-eus, 9.2.0.2-r1-eus, 9.2.0.2-r2-eus, 9.2.0.4-r1-eus, 9.2.0.5-r1-eus, 9.2.0.5-r2-eus, 9.2.0.5-r3-eus, 9.2.0.6-r1-eus, 9.2.0.6-r2-eus, 9.2.0.6-r3-eus, 9.2.3.0-r1, 9.2.4.0-r1, 9.2.5.0-r1, 9.2.5.0-r2, 9.2.5.0-r3, 9.3.0.0-r1, 9.3.0.0-r2, 9.3.0.0-r3, 9.3.0.1-r1, 9.3.0.1-r2, 9.3.0.1-r3, 9.3.0.1-r4, 9.3.0.3-r1, 9.3.0.4-r1, 9.3.0.4-r2, 9.3.0.5-r1, 9.3.0.5-r2, 9.3.0.5-r3, 9.3.0.6-r1, 9.3.1.0-r1, 9.3.1.0-r2, 9.3.1.0-r3, 9.3.1.1-r1, 9.3.2.0-r1, 9.3.2.0-r2, 9.3.2.1-r1, 9.3.2.1-r2, 9.3.3.0-r1, 9.3.3.0-r2, 9.3.3.1-r1, 9.3.3.1-r2, 9.3.3.2-r1, 9.3.3.2-r2, 9.3.3.2-r3, ,9.3.3.3-r1, 9.3.3.3-r2