{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13686","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-11-25T19:54:37.040Z","datePublished":"2026-03-03T20:51:45.521Z","dateUpdated":"2026-03-03T21:31:57.708Z"},"containers":{"cna":{"affected":[{"cpes":["cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.1.2:*:*:*:*:*:*:*","cpe:2.3:a:ibm:datastage_on_cloud_pak_for_data:5.3.0:*:*:*:*:*:*:*"],"product":"DataStage on Cloud Pak for Data","vendor":"IBM","versions":[{"lessThanOrEqual":"5.3.0","status":"affected","version":"5.1.2","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component.</p>"}],"value":"IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the job subroutine component."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-03-03T20:51:45.521Z"},"references":[{"tags":["vendor-advisory","patch"],"url":"https://www.ibm.com/support/pages/node/7262347"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later</p>"}],"value":"IBM strongly recommends addressing the vulnerability now by upgrading. Product(s) Version(s) number and/or range Remediation/Fix/Instructions DataStage on Cloud Pak for Data 5.1.2 - 5.3.0 Upgrade to version 5.3.1 or later"}],"title":"DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment","x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-03T21:31:50.620127Z","id":"CVE-2025-13686","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-03T21:31:57.708Z"}}]}}