CVE-2025-36379
Published: 17 February 2026
Summary
CVE-2025-36379 is a medium-severity Inadequate Encryption Strength (CWE-326) vulnerability in IBM QRadar EDR. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 5.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).
Deeper analysis
CVE-2025-36379 affects IBM Security QRadar EDR versions 3.12 through 3.12.23, specifically the IBM Security ReaQta component. The vulnerability stems from the use of weaker than expected cryptographic algorithms, classified under CWE-326 (Inadequate Encryption Strength). Published on 2026-02-17, it has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.
An unauthenticated attacker with network access could exploit this vulnerability, though it requires high attack complexity and no user interaction. Successful exploitation would allow the attacker to decrypt highly sensitive information protected by the weak algorithms.
The IBM security advisory provides details on mitigation and available patches at https://www.ibm.com/support/pages/node/7260390. Security practitioners should consult this reference for version-specific remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207854
Vulnerability details
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote network-accessible flaw in public-facing EDR component enabling decryption of sensitive data (info disclosure).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires implementation of approved cryptographic algorithms and strengths, preventing use of weak algorithms that enable decryption of sensitive data.
Mandates cryptographic protection of transmitted information, mitigating exposure when weak algorithms are used for network confidentiality.
Requires cryptographic protection of information at rest, addressing decryption risks for sensitive stored data protected by inadequate algorithms.