← back
CVE-2025-13687

DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

CVSS 6.3 MEDIUMEPSS 0.3%CWE-78
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
03 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L