Article Details

IBM Cloud login breaks for second time this week and Big Blue isn't saying why. To make matters worse, IBM's security software has a critical vuln caused by exposed password. IBM isn’t having its best week after the company experienced another cloudy outage and a critical-rated vulnerability. The outage repeated the Tuesday incident that saw users unable to access the console through which they manage their cloudy resources, or to open and view support cases. Big Blue’s cloud displayed similar symptoms on May 21. We’ve asked IBM if the incidents are related, but the company has not responded at the time of writing. The Wednesday authentication outage started at 9:03 AM UTC and ended over four hours later at 1:20 PM UTC. IBM’s status page offers no information about the cause. Messages sent to customers urge them to “perform health checks of their resources, and contact IBM Cloud Support if they continue to experience failures.” However, if the problem recurs it will likely again mean customers cannot open or view support cases, meaning IBM support may not be able to offer much help! IBM Japan offered “sincere apologies to all concerned parties for the inconvenience caused.” Also on Wednesday, IBM issued a security bulletin that reveals its QRadar threat detection and response tools, and Cloud Pak for Security integration suite, both left a password in a configuration file. Bug-assessors scored the resulting CVE-2025-2502 9.6 on the ten-point Common Vulnerability Scoring System, meaning it is considered a critical vulnerability. IBM’s security bulletin also advised of four other QRadar flaws, rated 7.2, 6.5, 4.8 and 4.0. The good news is that IBM introduced the flaws in recent double-point upgrades to its products, so perhaps many users haven’t installed the vulnerable products. Those who have may now face an extra chore, unless compensating controls are in place to eliminate the need for a rushed patch.