CVE-2025-1823 describes a Denial of Service (DoS) vulnerability affecting IBM Jazz Reporting Service. An authenticated user on the host network can exploit this flaw by sending specially crafted SQL queries that consume excessive memory resources, potentially causing the service to become unavailable. This vulnerability impacts versions 7.0.3 through 7.1iFix006, and a fix is available in version 7.1.1.
Successful exploitation of CVE-2025-1823 allows an authenticated user to induce a denial of service within the IBM Jazz Reporting Service. The attacker can craft malicious SQL queries designed to exhaust memory resources, leading to service instability and potential outages. This can disrupt reporting functionalities and impact users relying on the service for data analysis and insights. While the CVSS score is LOW, the impact of a DoS can still be significant, particularly in environments where reporting is critical for operational decision-making. The vulnerability's reliance on authenticated access limits the potential attack surface, but internal users with sufficient privileges pose a risk.
CVE-2025-1823 was publicly disclosed on 2026-02-04. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is considered low.
Organizations utilizing IBM Jazz Reporting Service versions 7.0.3 through 7.1iFix006, particularly those with internal users who have authenticated access to the reporting service and the ability to execute SQL queries, are at risk. Shared hosting environments where multiple users share the same Jazz Reporting Service instance are also potentially vulnerable.
EPSS: 0.01% (2nd percentile)
The primary mitigation for CVE-2025-1823 is to upgrade IBM Jazz Reporting Service to version 7.1.1 or later, which contains the fix. If immediate upgrading is not feasible, consider implementing temporary workarounds. Restricting access to the reporting service to trusted users and implementing input validation on SQL queries can help reduce the risk. Monitoring memory usage on the server hosting Jazz Reporting Service is also recommended to detect potential DoS attacks. After upgrading, confirm the fix by attempting to execute the malicious SQL query and verifying that it no longer causes excessive memory consumption.
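The memory-monitoring recommendation above is easiest to act on with a watchdog that alerts only on sustained pressure rather than on a single garbage-collection spike. The following is an added example, not code from IBM or from this advisory: it parses the resident set size (VmRSS) from a Linux `/proc/<pid>/status` file and raises an alert when the value stays above a threshold for several consecutive samples. The process id, the threshold, and the sample series are assumptions or constructed values, not measurements from a real Jazz Reporting Service host.

```python
"""Added example (not IBM's code): a sustained-memory-pressure watchdog for the
host running Jazz Reporting Service. The PID, threshold and sample data are
assumed/constructed values for illustration."""
import re
import time
from collections import deque

# VmRSS line format in /proc/<pid>/status, e.g. "VmRSS:\t 2048000 kB"
VMRSS_RE = re.compile(r"^VmRSS:\s+(\d+)\s+kB", re.MULTILINE)

# Constructed excerpt of a /proc/<pid>/status file (not captured from a real host).
SAMPLE_STATUS = "Name:\tjava\nState:\tS (sleeping)\nVmRSS:\t 2048000 kB\nThreads:\t120\n"


def parse_vmrss_mb(status_text: str) -> float:
    """Extract VmRSS from /proc/<pid>/status text and return it in MiB."""
    m = VMRSS_RE.search(status_text)
    if m is None:
        raise ValueError("VmRSS not found in status text")
    return int(m.group(1)) / 1024


def read_process_rss_mb(pid: int) -> float:
    """Read the live RSS of a process (Linux only; pid is an assumption)."""
    with open(f"/proc/{pid}/status", encoding="ascii") as fh:
        return parse_vmrss_mb(fh.read())


class SustainedMemoryDetector:
    """Alert when RSS exceeds threshold_mb for `window` consecutive samples.

    One alert is emitted per incident: after an alert the window is cleared so
    the detector must observe another full run above threshold to fire again.
    """

    def __init__(self, threshold_mb: float, window: int = 3):
        self.threshold_mb = threshold_mb
        self.window = window
        self.recent = deque(maxlen=window)
        self.alert_count = 0

    def observe(self, rss_mb: float) -> bool:
        self.recent.append(rss_mb)
        breached = len(self.recent) == self.window and all(
            v > self.threshold_mb for v in self.recent
        )
        if breached:
            self.alert_count += 1
            self.recent.clear()
        return breached


def evaluate_series(samples, threshold_mb: float, window: int = 3):
    """Return the sample indices at which an alert would fire for a series."""
    det = SustainedMemoryDetector(threshold_mb, window)
    return [i for i, v in enumerate(samples) if det.observe(v)]


def watch(pid: int, threshold_mb: float, interval_s: float = 30.0, window: int = 3):
    """Poll a live process forever and print an alert on sustained pressure."""
    det = SustainedMemoryDetector(threshold_mb, window)
    while True:
        rss = read_process_rss_mb(pid)
        if det.observe(rss):
            print(f"ALERT: pid {pid} RSS {rss:.0f} MiB above {threshold_mb} MiB "
                  f"for {window} consecutive samples")
        time.sleep(interval_s)


if __name__ == "__main__":
    # Constructed RSS series (MiB): one short spike at index 2 is ignored,
    # the sustained run at indices 4..8 fires once at index 6.
    series = [800, 900, 3100, 850, 3200, 3300, 3400, 3500, 3600, 700]
    print("alerts at sample indices:", evaluate_series(series, threshold_mb=3000))
```

The threshold should be set from a baseline of normal reporting load on the specific host, and the sampling interval chosen so that the window covers a period longer than a normal report run; a single-sample alert is too noisy for a JVM whose heap legitimately grows before collection.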
Update IBM Jazz Reporting Service to a version later than 7.1 iFix006 or 7.0.3 iFix020. This fixes the denial-of-service vulnerability caused by malicious SQL queries consuming excessive memory resources. See the IBM reference link for detailed update instructions.
CVE-2025-1823 is a denial-of-service vulnerability in IBM Jazz Reporting Service allowing authenticated users to exhaust memory resources with crafted SQL queries.
You are affected if you are using IBM Jazz Reporting Service versions 7.0.3–7.1iFix006. Upgrade to 7.1.1 or later to mitigate the risk.
Upgrade IBM Jazz Reporting Service to version 7.1.1 or later. As a temporary workaround, restrict access and validate SQL inputs.
Currently, there are no publicly known active exploits for CVE-2025-1823, but vigilance is still advised.
Refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826](https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/common/sb129826)