CVE-2025-13688
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
03 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
IBM · DataStage on Cloud Pak for Data