XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation...

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Description

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Basic Information

ID CVE-2025-13096

Source ibm

Published Feb 2, 2026 at 20:56

Affected Product

Vendor IBM

Product Business Automation Workflow containers

Version V25.0.0

Affected Versions IBM Business Automation Workflow containers V25.0.0
IBM Business Automation Workflow containers V24.0.1
IBM Business Automation Workflow containers V24.0.0
IBM Business Automation Workflow traditional 25.0.0
IBM Business Automation Workflow traditional 24.0.1
IBM Business Automation Workflow traditional 24.0.0

CWE Classification

CWE-918

References

www.ibm.com /support/pages/node/7259321

{
    "lastseen": "",
    "description": "IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u00a0remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u00a0resources.",
    "published": "2026-02-02T20:56:48.318Z",
    "modified": "2026-02-02T20:56:48.318Z",
    "type": "cve",
    "title": "XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7259321",
    "id": "CVE-2025-13096",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "IBM Business Automation Workflow containers V25.0.0\nIBM Business Automation Workflow containers V24.0.1\nIBM Business Automation Workflow containers V24.0.0\nIBM Business Automation Workflow traditional 25.0.0\nIBM Business Automation Workflow traditional 24.0.1\nIBM Business Automation Workflow traditional 24.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Business Automation Workflow containers",
    "version": "V25.0.0",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -_CVE-2025-13096