CVE-2025-13688 IBM — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.8 (HIGH)
Affected Versions	5.1.2 — 5.3.1
Fixed In	5.3.1
Type	CWE-78 (OS Command Injection (Внедрение команд ОС))
Vendor	IBM
Public PoC	No

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection (Внедрение команд ОС)

Vulnerable Products 1

ibm:datastage_on_cloud_pak_for_data

Known Affected Software Configurations 1

Configuration	From (including)	Up to (excluding)
Ibm Datastage_On_Cloud_Pak_For_Data cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data::::::::	`5.1.2`	`5.3.1`

References 1

https://www.ibm.com/support/pages/node/7262347

psirt@us.ibm.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-13687

IBM

8.8

CVE-2025-13686

IBM

8.8

CVE-2026-1265

IBM

5.3

CVE-2025-36364

IBM

3.3

CVE-2025-36363

IBM

7.5

Menu

CVE-2025-13688

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

Known Affected Software Configurations 1

References 1

Related Vulnerabilities

CVE-2025-13687

CVE-2025-13686

CVE-2026-1265

CVE-2025-36364

CVE-2025-36363

CVE Details

Editor's Choice