CVE-2025-13688
Awaiting Analysis
Awaiting Analysis - Queue
Command Injection in IBM DataStage Wrapped Command Component
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: IBM Corporation
Description
Description
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | datastage_on_cloud_pak_for_data | From 5.1.2 (inc) to 5.3.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
