CVE-2025-36379

Medium

Published: 17 February 2026

Published

17 February 2026

Modified

20 February 2026

KEV Added

—

Patch

—

CVSS Score 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0002 5.1th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-36379 is a medium-severity Inadequate Encryption Strength (CWE-326) vulnerability in Ibm Qradar Edr. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

PM-15 Security and Privacy Groups and Associations

addresses: CWE-326

Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.

RA-4 Risk Assessment Update

addresses: CWE-326

Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.

SC-12 Cryptographic Key Establishment and Management

addresses: CWE-326

Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.

SC-13 Cryptographic Protection

addresses: CWE-326

Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.

SI-2 Flaw Remediation

addresses: CWE-326

Prompt patching corrects inadequate encryption strength when vendors release updates that increase key sizes or algorithm security.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote network-accessible flaw in public-facing EDR component enabling decryption of sensitive data (info disclosure).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Deeper analysisAI

CVE-2025-36379 affects IBM Security QRadar EDR versions 3.12 through 3.12.23, specifically the IBM Security ReaQta component. The vulnerability stems from the use of weaker than expected cryptographic algorithms, classified under CWE-326 (Inadequate Encryption Strength). Published on 2026-02-17, it has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.

An unauthenticated attacker with network access could exploit this vulnerability, though it requires high attack complexity and no user interaction. Successful exploitation would allow the attacker to decrypt highly sensitive information protected by the weak algorithms.

The IBM security advisory provides details on mitigation and available patches at https://www.ibm.com/support/pages/node/7260390. Security practitioners should consult this reference for version-specific remediation steps.

Details

CWE(s): CWE-326

Affected Products

ibm

qradar edr

3.12.0 — 3.12.24

CVEs Like This One

CVE-2025-36377Same product: Ibm Qradar Edr

CVE-2024-49352Same vendor: Ibm

CVE-2025-3320Same vendor: Ibm

CVE-2025-3354Same vendor: Ibm

CVE-2023-49886Same vendor: Ibm

CVE-2025-0160Same vendor: Ibm

CVE-2026-4101Same vendor: Ibm

CVE-2026-1343Same vendor: Ibm

CVE-2025-36386Same vendor: Ibm

CVE-2024-49354Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7260390
Vendor Advisory · psirt@us.ibm.com