CVE-2025-13096
HIGH WAF: Medium
CVSS 7.1
Published: 2026-02-02
CWE-918
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | business_automation_workflow | up to 24.0.0 |
| ibm | business_automation_workflow | up to 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.0 |
| ibm | business_automation_workflow | 24.0.1 |
References
- www.ibm.com (Vendor Advisory)