CVE-2025-13691
Received Received - Intake
Information Disclosure in IBM DataStage on Cloud Pak for Data

Publication date: 2026-02-17

Last updated on: 2026-02-20

Assigner: IBM Corporation

Description
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-17
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-17
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13691
EUVD
EUVD-2025-207822
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ibm datastage_on_cloud_pak_for_data From 5.1.2 (inc) to 5.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-13691 affects IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0. The vulnerability arises from the HTTP processing component during request handling, which causes sensitive information to be returned in HTTP responses.

This exposure of sensitive system information can enable attackers to impersonate other users within the system.

It is classified under CWE-497, indicating exposure of sensitive system information to an unauthorized control sphere.

Impact Analysis

The vulnerability allows attackers to obtain sensitive information from HTTP responses, which can be used to impersonate other users in the system.

This can lead to unauthorized access and actions performed under the guise of legitimate users, compromising confidentiality and integrity of the system.

The CVSS v3.1 base score of 8.1 reflects a high impact on confidentiality and integrity, with a network attack vector and low attack complexity.

Compliance Impact

I don't know

Detection Guidance

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.

Mitigation Strategies

IBM strongly recommends remediating this vulnerability by upgrading affected IBM DataStage on Cloud Pak for Data installations to version 5.3.1 or later.

No workarounds or mitigations are provided for this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13691. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart