Cyber Resilience

CVE-2025-36379

Medium

Published: 17 February 2026

Published
17 February 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0002 5.2th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-36379 is a medium-severity Inadequate Encryption Strength (CWE-326) vulnerability in Ibm Qradar Edr. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).

Deeper analysis

CVE-2025-36379 affects IBM Security QRadar EDR versions 3.12 through 3.12.23, specifically the IBM Security ReaQta component. The vulnerability stems from the use of weaker than expected cryptographic algorithms, classified under CWE-326 (Inadequate Encryption Strength). Published on 2026-02-17, it has a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high confidentiality impact but no integrity or availability effects.

An unauthenticated attacker with network access could exploit this vulnerability, though it requires high attack complexity and no user interaction. Successful exploitation would allow the attacker to decrypt highly sensitive information protected by the weak algorithms.

The IBM security advisory provides details on mitigation and available patches at https://www.ibm.com/support/pages/node/7260390. Security practitioners should consult this reference for version-specific remediation steps.

EU & UK References

Vulnerability details

IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote network-accessible flaw in public-facing EDR component enabling decryption of sensitive data (info disclosure).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-36377Same product: Ibm Qradar Edr
CVE-2026-8633Same vendor: Ibm
CVE-2025-0159Same vendor: Ibm
CVE-2023-49886Same vendor: Ibm
CVE-2026-1343Same vendor: Ibm
CVE-2026-8620Same vendor: Ibm
CVE-2024-39750Same vendor: Ibm
CVE-2026-9170Same vendor: Ibm
CVE-2026-3366Same vendor: Ibm
CVE-2026-8175Same vendor: Ibm

Affected Assets

ibm
qradar edr
3.12.0 — 3.12.24

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires implementation of approved cryptographic algorithms and strengths, preventing use of weak algorithms that enable decryption of sensitive data.

prevent

Mandates cryptographic protection of transmitted information, mitigating exposure when weak algorithms are used for network confidentiality.

prevent

Requires cryptographic protection of information at rest, addressing decryption risks for sensitive stored data protected by inadequate algorithms.

References