CVE-2025-13687
DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
IBM · DataStage on Cloud Pak for DataWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →