Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
IBM DataStage on Cloud Pak for Data allows unauthorized command execution
CVE-2025-13687
Summary
A security issue in IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 allows an authenticated user to execute arbitrary system commands. This could potentially lead to unauthorized actions on the system. IBM DataStage administrators should update to a fixed version to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | datastage_on_cloud_pak_for_data | > 5.1.2 , <= 5.3.1 | – |
Original title
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user ...
Original description
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
nvd CVSS3.1
8.8
Vulnerability type
CWE-78
OS Command Injection
- https://www.ibm.com/support/pages/node/7262347 Vendor Advisory
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026