CVE-2025-13734
Received Received - Intake
Privilege Escalation in IBM DOORS Next 7.1/7.2 via Access Control Bypass

Publication date: 2026-03-03

Last updated on: 2026-03-04

Assigner: IBM Corporation

Description
IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-04
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13734
EUVD
EUVD-2025-208251
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm engineering_requirements_management_doors_next 7.1
ibm engineering_requirements_management_doors_next 7.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2025-13734, affects IBM Engineering Requirements Management DOORS Next versions 7.1 and 7.2. It allows an authenticated user to view and edit data beyond their authorized access permissions due to insufficient authorization enforcement (CWE-862: Missing Authorization). Essentially, a user with valid credentials can exploit this flaw to access and modify restricted project artifacts that they should not be able to.

Impact Analysis

The impact of this vulnerability includes potential compromise of data confidentiality and integrity. An attacker with valid credentials could view and edit restricted data, which may lead to unauthorized disclosure or alteration of sensitive project information. The CVSS score of 5.4 indicates a moderate severity with low attack complexity and no requirement for user interaction, meaning it can be exploited relatively easily over the network by someone with low privileges.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should promptly apply the corrective updates released by IBM.

  • For IBM Engineering Requirements Management DOORS Next version 7.1, install ifix 08 or newer.
  • For version 7.2, install ifix 01 or newer.

No workarounds or other mitigations are provided, so applying these updates is the recommended immediate action.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart