IBM DataStage on Cloud Pak for Data: Unauthorized file upload enables command execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

IBM DataStage on Cloud Pak for Data: Unauthorized file upload enables command execution

CVE-2025-13689

Summary

An authenticated user can upload files without restrictions, potentially allowing them to execute arbitrary system commands and access sensitive data. This could lead to unauthorized access and data breaches. IBM recommends disabling file uploads or implementing strict controls to prevent malicious use.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
ibm	datastage_on_cloud_pak_for_data	> 5.1.2 , <= 5.3.1	–

Original title

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.

Original description

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads.

nvd CVSS3.1 8.8

Vulnerability type

CWE-434 Unrestricted File Upload

https://www.ibm.com/support/pages/node/7259958 Vendor Advisory

Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026