CVE-2025-13686

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7262347	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-03 21:15

Updated : 2026-03-04 03:51

NVD link : CVE-2025-13686

Mitre link : CVE-2025-13686

CVE.ORG link : CVE-2025-13686

JSON object : View

Products Affected

ibm

datastage_on_cloud_pak_for_data

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-13686", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-03T21:15:55.933", "references": [{"url": "https://www.ibm.com/support/pages/node/7262347", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component."}, {"lang": "es", "value": "IBM DataStage en Cloud Pak para Data 5.1.2 hasta 5.3.0 podr\u00eda permitir a un usuario autenticado ejecutar comandos arbitrarios con privilegios de usuario normal en el sistema debido a una validaci\u00f3n incorrecta de la entrada proporcionada por el usuario a trav\u00e9s del componente de subrutina de trabajo."}], "lastModified": "2026-03-04T03:51:31.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DB38701-1394-4552-8D77-D36B06B5D7E4", "versionEndExcluding": "5.3.1", "versionStartIncluding": "5.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}