CVE-2025-13688HIGH 8.8EPSS p26.2%

CVE-2025-13688CVE-2025-13688

Description

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.34% probability of exploitation · percentile 26.2% · 2026-06-18T12:00:27Z
Published2026-03-03
Last modified2026-03-04

Underlying weaknesses· 1

CWE-78

References

  1. https://www.ibm.com/support/pages/node/7262347

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13687
CVE
CVE-2025-13686
CVE
CVE-2025-13689
CVE
CVE-2025-36245
CVE
CVE-2025-13481
CVE
CVE-2025-1137
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.