XLinkedIn
1 973-826-7406|info@AvadaSoftware.com

MQ Security Vulnerabilities Addressed in Latest IBM MQ Operator and Container Image Updates

By |Published On: May 29th, 2025|2 min read|
Table of Contents

MQ Security Vulnerabilities Addressed in Latest IBM MQ Operator and Container Image Updates

IBM has released critical security updates for its MQ Operator and queue manager container images, addressing multiple vulnerabilities that posed significant risks to system availability and data integrity. These updates are part of IBM’s ongoing commitment to proactively manage and reduce exposure to security threats in modern MQ environments.

Critical Vulnerabilities Resolved

Six distinct vulnerabilities have been identified and resolved, ranging in severity from medium to high. Among the most serious:

  • CVE-2025-0395: A buffer overflow issue due to insufficient allocation for assertion failure messages in GNU C Library, with a CVSS score of 7.5.
  • CVE-2025-22869: A denial-of-service vulnerability in SSH file transfer implementations, also rated 7.5, which could exhaust system memory.
  • CVE-2024-45336: Mishandling of HTTP headers after cross-domain redirects, potentially leaking sensitive authentication information.

Other addressed issues include improper host matching in proxy configurations (CVE-2025-22870), information leaks in ppc64le architectures (CVE-2025-22866), and URI validation gaps in certificate chains using private PKI (CVE-2024-45341).

Affected IBM MQ Versions

The security fixes apply to a broad set of IBM MQ Operator and container image versions, including:

  • IBM MQ Operator: Versions from 2.0.0 to 3.5.2 across SC2, CD, LTS, and other releases.
  • IBM MQ Advanced Container Images: Ranging from 9.2.0.1 to 9.4.2.1 across multiple release tracks including LTS and CD.

Administrators using any of these versions should verify their deployments immediately.

Secure Versions Available

IBM has published new secure container image versions that resolve all listed vulnerabilities:

  • IBM MQ Operator v3.5.3 (CD Release) paired with MQ Advanced 9.4.2.1-r2
  • IBM MQ Operator v3.2.12 (SC2 Release) paired with MQ Advanced 9.4.0.11-r2
  • IBM MQ Container 9.4.2.1-r2 for standalone deployments

IBM recommends that all users update to these versions without delay to mitigate exposure.

Why These Fixes Matter

In today’s hybrid and cloud-native environments, securing containerized middleware platforms is more critical than ever. MQ environments, which are central to many enterprise integration patterns, can become targets for attackers exploiting unpatched vulnerabilities. The latest patches ensure the integrity, availability, and confidentiality of your messaging infrastructure.

To learn more about how to secure your IBM MQ environments—especially in containerized and cloud-native deployments—download our complimentary whitepaper: Securing Modern MQ Environments

This paper provides a practical guide to hardening your middleware stack, identifying potential attack surfaces, and implementing best-in-class practices for MQ security in dynamic environments.

Related Posts

The Importance of Access Controls in MQ Incident Response
The Importance of Access Controls in MQ Incident Response
Gallery

The Importance of Access Controls in MQ Incident Response

May 21st, 2025
Securing IBM MQ in Kubernetes
Securing IBM MQ in Kubernetes
Gallery

Securing IBM MQ in Kubernetes

May 5th, 2025
Better ActiveMQ Performance Testing with Synthetic Transactions
Better ActiveMQ Performance Testing with Synthetic Transactions
Gallery

Better ActiveMQ Performance Testing with Synthetic Transactions

April 29th, 2025
Efficiently Integrating Systems from Mergers & Acquisitions
Efficiently Integrating Systems from Mergers & Acquisitions
Gallery

Efficiently Integrating Systems from Mergers & Acquisitions

January 23rd, 2025
Secure Remote Access to Transactional Middleware Environments
Secure Remote Access to Transactional Middleware Environments
Gallery

Secure Remote Access to Transactional Middleware Environments

January 21st, 2025
4 Middleware Architecture Tips You Didn’t Know About
4 Middleware Architecture Tips You Didn’t Know About
Gallery

4 Middleware Architecture Tips You Didn’t Know About

January 10th, 2025
Enhanced Troubleshooting in IBM WebSphere Application Server
Enhanced Troubleshooting in IBM WebSphere Application Server
Gallery

Enhanced Troubleshooting in IBM WebSphere Application Server

December 4th, 2024
ActiveMQ vs. RabbitMQ Security Features and Best Practices
ActiveMQ vs. RabbitMQ Security Features and Best Practices
Gallery

ActiveMQ vs. RabbitMQ Security Features and Best Practices

November 27th, 2024
Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360
Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360
Gallery

Simplifying Message Filtering and Selection for Accurate Test Scenarios with Infrared360

November 20th, 2024
Critical ReDoS and SSRF ACE Vulnerabilities Addressed
Critical ReDoS and SSRF ACE Vulnerabilities Addressed
Gallery

Critical ReDoS and SSRF ACE Vulnerabilities Addressed

November 20th, 2024

More Infrared360® Resources

Articles & Papers

Overcome the Challenges of Moving Core Banking and Transaction Processing to the Cloud

Secure the Edge with IBM® DataPower® Gateway Appliance

5 Challenges & Solutions When Modernizing Your Middleware Infrastructure

Proactive vs. Forensic – Middleware – Health Monitoring

Seven Middleware Challenges You Must Overcome Before Your Cloud Migration

Monitoring Widely Distributed Environments Without Losing Focus

eBook: Inside IBM MQ Deployment Choices

Contain Costs and Mitigate Risks of Transactions on the Middleware Superhighway

Case Studies

Parker Hannifin Improves Efficiencies Across Business Units with Infrared360® and Trusted Spaces™

Alight Implements Secure, Holistic Self-Service Messaging

Sompo International Builds Business Platform Optimization with SOAP and REST Monitoring

The power of a healthy network: Visiting Nurse Service of New York harnesses IBM, partner technology to streamline patient care.

Video

The Business Case for Modernizing Your MQ Estate Today

Improving Productivity Through Smart, Safe Self-Service

Managing Middleware in Hybrid Cloud

Integrating Data in the Cloud with IBM App Connect

Transforming Your IBM MQ Estate Using Containers

Integration Modernization Lessons Learned

IBM MQ: Enterprise-wide Integration for Modern Distributed Environments

Understanding External Influences on Your Integration Strategy and Direction

Analyst Reports

Peer Reviews for Infrared360®

Avada Software Named a Most Promising IBM Solution Provider for 2023

Avada Software named one of Most Promising IBM Solutions Providers for 2022

A Systems Integrator and Services Provider Cuts Costs, Creates New Revenue Streams While Improving Service Delivery

Infrared360 named one of CIOReview’s 20 Most Promising APM Solution Providers

Analyst Report: Managing an IBM MQ Environment at USBank

CIO Feedback/Data Sheet

About the Author: Scott Treggiari

AVADA SOFTWARE AT A GLANCE

Avada Software’s flagship product, Infrared360®, is an IT management portal providing total administration, monitoring, testing, auditing, analytics dashboards, and self-service for cloud, on-prem, or hybrid environments. Get secure, collaborative management of elements across your IT stack like Kafka®, IBM® MQ, IBM® ACE/IIB, ActiveMQ®, WebSphere®, JBoss®, and Tomcat® Application Servers, URLs, SOAP & REST-based web services, IBM® DataPower® and MQ Appliance.

Latest Insight

The Middleware Blog

May 29th, 2025|

MQ Security Vulnerabilities Addressed in Latest IBM MQ Operator and Container Image Updates IBM has released critical security updates for its MQ Operator and queue manager container images, addressing multiple vulnerabilities that posed significant risks to system availability and data integrity. These updates are part of IBM’s ongoing commitment to proactively manage and reduce exposure to security threats in modern MQ environments. Critical Vulnerabilities Resolved

Six distinct vulnerabilities have […]

Read More

May 21st, 2025|

The Importance of Access Controls in MQ Incident Response
 IBM® MQ plays a critical role in ensuring reliable, secure messaging between distributed applications. But as your MQ infrastructure grows in complexity—spanning hybrid, containerized, and multi-cloud environments—so too does the risk of misconfiguration, unauthorized access, and slower incident response times. That’s where access controls in MQ become more than just a checkbox on your security audit—they’re a frontline defense and […]

Read More

May 5th, 2025|

Best Practices for Securing IBM MQ in Kubernetes As organizations modernize their infrastructure, deploying IBM MQ in Kubernetes has become increasingly common. But with this shift comes new challenges—especially in security. Traditional methods of access control and monitoring aren’t enough in dynamic, containerized environments. Securing IBM MQ in Kubernetes requires a focus on identity, visibility, and role-based access control (RBAC):

  • Use external identity sources: In Kubernetes, container-based deployments don’t maintain […]
Read More

April 29th, 2025|

The Crucial Role of Synthetic Transactions in ActiveMQ Performance Testing

Messaging systems are the foundation of many modern enterprises, with ActiveMQ increasingly emerging as a key player in this arena. Yet, maintaining the strength and dependability of these intricate messaging environments requires more than just optimism. By mimicking real-world user activity, synthetic transactions offer a proactive approach to evaluating ActiveMQ’s performance, resilience, and overall system health.

Read More

April 17th, 2025|

Why Developers Need Access to MQ and How to Make It Work Securely

Imagine you’re a developer trying to test a new feature that sends a message through IBM MQ.

You write the code, hit run… and nothing happens. The message disappears. You suspect it’s stuck in a queue somewhere.

But you can’t see it. You can’t confirm it. And you definitely can’t fix it, because you don’t have access.

That’s the daily […]

Read More

April 3rd, 2025|

IBM MQ Native HA: Enhancing Messaging Resilience in Modern Architectures

In today’s digitally connected world, enterprise messaging systems must be both highly available and resilient. IBM MQ—a leader in message-oriented middleware—provides robust messaging capabilities that ensure reliable data exchange between applications. One of the key features that help guarantee uninterrupted messaging is Native High Availability (HA). This article explores IBM MQ Native HA in depth, clarifies common misconceptions by comparing […]

Read More

We are proud supporters of:

Avada Software. All Rights Reserved |This website may contain logos and trademarks of third parties. These are the property of their respective owners and are used on this site for informational purposes only. Avada Software does not claim any ownership or association with these trademarks or, except where explicitly stated, their respective organizations. | Privacy Policy
Go to Top