← Back
2026-03-03 20:51CVE-2025-13686ibm
PUBLISHED5.2ApplicationCWE-78

DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

Problem type

Affected products

IBM

DataStage on Cloud Pak for Data

<= 5.3.0 - AFFECTED

References

ibm.com

https://www.ibm.com/support/pages/node/7262347

vendor-advisorypatch

GitHub Security Advisories

GHSA-5q2c-6jfv-pq7j

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to...

https://github.com/advisories/GHSA-5q2c-6jfv-pq7j

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-13686

ibm.com

https://www.ibm.com/support/pages/node/7262347

github.com

https://github.com/advisories/GHSA-5q2c-6jfv-pq7j

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-13686
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-13686",
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "dateUpdated": "2026-03-03T21:31:57.708Z",
    "dateReserved": "2025-11-25T19:54:37.040Z",
    "datePublished": "2026-03-03T20:51:45.521Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm",
        "dateUpdated": "2026-03-03T20:51:45.521Z"
      },
      "title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.</p>"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "IBM",
          "product": "DataStage on Cloud Pak for Data",
          "cpes": [
            "cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "5.1.2",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "5.3.0"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
              "cweId": "CWE-78",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7262347",
          "tags": [
            "vendor-advisory",
            "patch"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "<p>IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later</p>"
            }
          ]
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-03T21:31:57.708Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}