Platform: other
Component: jazz-reporting-service
Fixed in: 7.1.1, 7.0.4
CVE-2025-1823 is a denial-of-service (DoS) vulnerability in IBM Jazz Reporting Service. An authenticated user on the host network can trigger it by submitting specially crafted SQL queries that consume excessive memory, which can make the service unavailable. Versions 7.0.3 through 7.1 iFix006 are affected; fixes are available in 7.0.4 and 7.1.1.
Successful exploitation lets an authenticated user exhaust the memory of the Jazz Reporting Service process, causing instability or an outage of the reporting functions that users rely on for data analysis and insight. The CVSS score is LOW, which reflects the need for an account rather than the operational cost of an outage, and that cost can be significant where reporting feeds operational decision-making. The authentication requirement narrows the attack surface to users who can submit queries to the service, so the risk comes mainly from internal accounts with sufficient privileges, or from accounts an attacker has already compromised.
CVE-2025-1823 was publicly disclosed on 2026-02-04. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is considered low.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-1823 is to upgrade IBM Jazz Reporting Service to a fixed release: 7.1.1 or later, or 7.0.4. If an immediate upgrade is not feasible, reduce exposure in the meantime. Because the flaw requires an authenticated account, limit the set of users who can submit queries to the reporting service to those who need it, and validate the SQL the service accepts where that is under your control. Monitor memory usage of the server and of the Jazz Reporting Service process so that a memory-exhaustion attack is noticed before the service becomes unavailable. After upgrading, verify the fix by confirming that the installed version and iFix level match a fixed release; do not replay an attack query against a production instance, since no public proof of concept exists and a query that reproduces the flaw would reproduce the outage.
Update IBM Jazz Reporting Service to a release later than 7.1 iFix006 or 7.0.3 iFix020 (the Fixed in field lists 7.1.1 and 7.0.4). This corrects the denial of service caused by malicious SQL queries that consume excessive memory. See the IBM reference link for detailed update instructions.
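The memory monitoring recommended above is the one detective control that works before the upgrade lands, and a single threshold on resident memory tends to fire only once the service is already unresponsive. The following added example (not IBM code, and not part of the advisory) pairs an absolute limit with a growth-rate check over a short window, so the steady climb produced by a query that materialises a huge result set is flagged while there is still time to kill the session. The memory samples, the 4096 MB limit and the 40 MB/s growth threshold are all constructed assumptions; `read_rss_mb` is a Linux-only helper for taking real samples on the host and is not exercised by the demo.

```python
"""Memory-exhaustion watch for the Jazz Reporting Service JVM.

Added example; not IBM code. The sample series below is constructed so the
script runs offline and shows which readings would raise an alert.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Sample:
    ts: float      # seconds since epoch
    rss_mb: float  # resident set size of the JRS process, in MB


def read_rss_mb(pid: int) -> float:
    """Read VmRSS of a live process from /proc (Linux only). Not used by the
    constructed demo; call it periodically on the JRS host for real samples."""
    with open(f"/proc/{pid}/status") as fh:
        for line in fh:
            if line.startswith("VmRSS:"):
                return int(line.split()[1]) / 1024  # kB -> MB
    raise RuntimeError(f"VmRSS not found for pid {pid}")


def detect_memory_dos(samples: List[Sample], limit_mb: float,
                      growth_mb_per_s: float, window: int = 3) -> List[Tuple[float, str]]:
    """Return (timestamp, reason) alerts, in sample order.

    reason == "limit":  RSS is at or above limit_mb
    reason == "growth": RSS rose faster than growth_mb_per_s, measured across
                        the last `window` samples so one noisy reading cannot
                        fire it on its own
    """
    alerts: List[Tuple[float, str]] = []
    for i, cur in enumerate(samples):
        if cur.rss_mb >= limit_mb:
            alerts.append((cur.ts, "limit"))
        if i >= window - 1:
            prev = samples[i - window + 1]
            elapsed = cur.ts - prev.ts
            if elapsed > 0 and (cur.rss_mb - prev.rss_mb) / elapsed > growth_mb_per_s:
                alerts.append((cur.ts, "growth"))
    return alerts


# Constructed series: a quiet baseline, then the steady climb a query that
# pulls an oversized result set into memory would produce.
BASELINE = [Sample(0, 2000), Sample(10, 2010), Sample(20, 1990), Sample(30, 2005)]
ATTACK = BASELINE + [Sample(40, 2600), Sample(50, 3200), Sample(60, 3800),
                     Sample(70, 4400), Sample(80, 5000), Sample(90, 5600)]

LIMIT_MB = 4096          # assumed: headroom below the JVM's configured heap cap
GROWTH_MB_PER_S = 40.0   # assumed: well above normal allocation churn on this host

if __name__ == "__main__":
    print("baseline alerts:", detect_memory_dos(BASELINE, LIMIT_MB, GROWTH_MB_PER_S))
    for ts, reason in detect_memory_dos(ATTACK, LIMIT_MB, GROWTH_MB_PER_S):
        print(f"t={ts:>4.0f}s  {reason}")
```

With the constructed series the growth check fires at t=50s, twenty seconds before the absolute limit is crossed at t=70s; on a real host, tune both thresholds from a week of baseline samples rather than from these assumed values.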
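The iFix boundaries above are easy to misread by hand (7.1 iFix006 is affected, 7.1 iFix007 is not, and 7.0.4 sits between the two affected trains but is a fixed release). The following added example (not IBM code, and not part of the advisory) turns the version statements on this page into a check you can run against the version string read from each installation, which is the verification step recommended in the mitigation section. The version-string format it parses and the `classify` function are assumptions of this example; the thresholds themselves come from the affected and fixed versions named above.

```python
"""Classify a Jazz Reporting Service version against CVE-2025-1823.

Added example; not IBM code. Ranges are taken from this advisory's text:
7.0.3 through 7.1 iFix006 affected; later than 7.0.3 iFix020 or 7.1 iFix006
fixed; 7.0.4 and 7.1.1 listed as fixed releases.
"""
import re
from typing import Tuple

# base version -> highest iFix number that is still affected
LAST_AFFECTED_IFIX = {(7, 0, 3): 20, (7, 1): 6}
# releases the advisory names as fixed without an iFix qualifier
FIXED_RELEASES = {(7, 0, 4), (7, 1, 1)}

# Accepts "7.1 iFix006", "7.0.3iFix020", "7.1.1" (assumed string format).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:iFix\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """'7.1 iFix006' -> ((7, 1), 6); '7.1.1' -> ((7, 1, 1), 0).
    A missing iFix means the GA build of that release."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Jazz Reporting Service version: {text!r}")
    base = tuple(int(part) for part in m.group(1).split("."))
    ifix = int(m.group(2)) if m.group(2) else 0
    return base, ifix


def classify(text: str) -> str:
    """Return 'affected', 'fixed', or 'unknown'.

    'unknown' covers releases outside the ranges this advisory names (for
    example 7.0.2); treat it as a prompt to consult the IBM bulletin, not as
    a clean result.
    """
    base, ifix = parse_version(text)
    if base in LAST_AFFECTED_IFIX:
        return "affected" if ifix <= LAST_AFFECTED_IFIX[base] else "fixed"
    if base in FIXED_RELEASES or base >= (7, 1, 1):
        return "fixed"
    return "unknown"


if __name__ == "__main__":
    for v in ["7.0.3", "7.0.3 iFix020", "7.0.3 iFix021", "7.0.4",
              "7.1", "7.1 iFix006", "7.1 iFix007", "7.1.1", "7.0.2"]:
        print(f"{v:<14} {classify(v)}")
```

Run it once per installation with the version string you read from that host; anything that comes back `affected` or `unknown` goes on the upgrade list.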
CVE-2025-1823 is a denial-of-service vulnerability in IBM Jazz Reporting Service that lets authenticated users exhaust memory with crafted SQL queries.
You are affected if you run IBM Jazz Reporting Service versions 7.0.3 through 7.1 iFix006. Upgrade to 7.1.1 or later (or to 7.0.4) to remove the risk.
Upgrade IBM Jazz Reporting Service to version 7.1.1 or later. As a temporary workaround, restrict which users can submit queries to the service and validate SQL inputs where you control them.
Currently, there are no publicly known active exploits for CVE-2025-1823, but vigilance is still advised.
Refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826](https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826)