What is the CVSS score of CVE-2025-13691?

CVE-2025-13691 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Datastage On Cloud Pak For Data are affected by CVE-2025-13691?

IBM DataStage on Cloud Pak for Data versions 5.1.2 through 5.3.0 expose sensitive information in HTTP responses that could allow attackers to impersonate legitimate users and gain unauthorized system…

How to fix or mitigate CVE-2025-13691?

Within 24 hours: Identify all DataStage instances running versions 5.1.2-5.3.0 and assess user exposure. Within 7 days: Implement network segmentation to restrict DataStage access to trusted networks only and enable enhanced logging for authentication events. Within 30 days: Contact IBM for patches or workarounds, evaluate upgrade paths to patched versions, and conduct access reviews of DataStage user accounts.

Datastage On Cloud Pak For Data CVE-2025-13691

HIGH

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)

2026-02-17 psirt@us.ibm.com

IBM Datastage On Cloud Pak For Data

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 17, 2026 - 21:22 nvd

HIGH 8.1

DescriptionNVD

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.

AnalysisAI

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. [CVSS 8.1 HIGH]

Technical ContextAI

Affects Datastage On Cloud Pak For Data. IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-7524 CRITICAL Act Now

9.8 May 27

Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitr

CVE-2026-8175 CRITICAL Act Now

9.8 May 27

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Tra

CVE-2026-7876 CRITICAL Act Now

9.1 May 27

Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 throu

CVE-2026-5065 HIGH This Week

8.8 May 27

Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded

CVE-2026-8179 HIGH This Week

8.8 May 27

Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1)

CVE-2025-13691 vulnerability details – vuln.today

Back