DataStage on Cloud Pak for Data is vulnerable to arbitrary...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.

AI Analysis

Arbitrary code injection vulnerability due to unrestricted file uploads in IBM DataStage on Cloud Pak for Data

Basic Information

ID CVE-2025-13689

Source ibm

Published Feb 17, 2026 at 22:26

Affected Product

Vendor IBM

Product DataStage on Cloud Pak

Version 5.1.2

Affected Versions IBM DataStage on Cloud Pak 5.1.2

CWE Classification

CWE-434

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor IBM

Product DataStage on Cloud Pak for Data

Version 5.1.2

References

www.ibm.com /support/pages/node/7259958

{
    "lastseen": "",
    "description": "IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.",
    "published": "2026-02-17T22:26:20.866Z",
    "modified": "2026-02-17T22:26:20.866Z",
    "type": "cve",
    "title": "DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7259958",
    "id": "CVE-2025-13689",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "IBM DataStage on Cloud Pak 5.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DataStage on Cloud Pak",
    "version": "5.1.2",
    "vendor": "IBM",
    "ai_description": "Arbitrary code injection vulnerability due to unrestricted file uploads in IBM DataStage on Cloud Pak for Data",
    "ai_severity": "High",
    "ai_vendor": "IBM",
    "ai_product": "DataStage on Cloud Pak for Data",
    "ai_version": "5.1.2",
    "ai_score": 8.8
}

DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment_CVE-2025-13689