IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 permissions bypass

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 permissions bypass

CVE-2025-13734

Summary

An attacker with a legitimate login can access sensitive data they shouldn't be able to see. This could lead to unauthorized changes to project information. IBM recommends patching or upgrading to a fixed version.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
ibm	engineering_requirements_management_doors_next	7.1	–
ibm	engineering_requirements_management_doors_next	7.2	–

Original title

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

Original description

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

nvd CVSS3.1 5.4

Vulnerability type

CWE-862 Missing Authorization

CWE-863 Incorrect Authorization

https://www.ibm.com/support/pages/node/7261900 Vendor Advisory

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026