Task
Resolution: Obsolete
Major
Scope: Raised in PM call (Nov 11th), a CVE security vulnerability is identified that needs to be documented as a known issue in IBQ 3.27.
Description:
CVE-2025-59250, JDBC Driver for Microsoft SQL Server Spoofing Vulnerability.
I'm not sure how exactly to document it for IBQ. Let's say the text may read something like this:
***
The IBQ 3.7.0 quarkus-jdbc-mssql extension is impacted by https://www.cve.org/CVERecord?id=CVE-2025-59250[CVE-2025-59250]: JDBC Driver for Microsoft SQL Server Spoofing Vulnerability.
The Quarkus security team considers that the severity of this CVE's impact on IBQ is Moderate, due to the fact that to support an encrypted TLS connection with Microsoft SQL Server in the quarkus-jdbc-mssql extension, Quarkus applications typically configure JDBC connections in the application properties and usually do not allow application users to configure JDBC connections dynamically, thus minimizing the risk of users being tricked into entering a wrong JDBC connection configuration.
This CVE will be fixed in IBQ 3.7.1.
***
Contact Siarhei Biarozkin
SME signoff.
- clones: QDOCS-1397 Known issue: Hierarchy visualisation in DEV UI Workspace is broken on Windows (Closed)
- is cloned by: QDOCS-1402 New Feature: Semeru (Closed)