CVE-2025-13689
HIGH WAF: Medium
CVSS 8.8
Published: 2026-02-17
CWE-434
IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | datastage_on_cloud_pak_for_data | 5.1.2 - 5.3.1 |
References
- www.ibm.com (Vendor Advisory)