Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Business Automation Workflow traditional by IBM

    CVE-2025-13096 (GCVE-0-2025-13096)

    Vulnerability from nvd – Published: 2026-02-02 20:56 – Updated: 2026-02-03 15:39
    VLAI
    Title
    XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -
    Summary
    IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259321 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Business Automation Workflow containers Affected: V25.0.0 , ≤ V25.0.0-IF002 (semver)
    Affected: V24.0.1 , ≤ V24.0.1-IF005 (semver)
    Affected: V24.0.0 , ≤ V24.0.0-IF007 (semver)
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*
    Create a notification for this product.
    IBM Business Automation Workflow traditional Affected: 25.0.0
    Affected: 24.0.1
    Affected: 24.0.0
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:38:54.551059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:39:59.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*"
              ],
              "product": "Business Automation Workflow containers",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "V25.0.0-IF002",
                  "status": "affected",
                  "version": "V25.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "V24.0.1-IF005",
                  "status": "affected",
                  "version": "V24.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "V24.0.0-IF007",
                  "status": "affected",
                  "version": "V24.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*"
              ],
              "product": "Business Automation Workflow traditional",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "25.0.0"
                },
                {
                  "status": "affected",
                  "version": "24.0.1"
                },
                {
                  "status": "affected",
                  "version": "24.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Business Automation Workflow containers V25.0.0 through V25.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.1 - V24.0.1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.0 - V24.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u0026nbsp;remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u0026nbsp;resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u00a0remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u00a0resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:56:48.318Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259321"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;as soon as practical.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eAffected Product(s)\u003c/th\u003e\u003cth\u003eVersion(s)\u003c/th\u003e\u003cth\u003eRemediation / Fix\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7183042\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7159792\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u0026nbsp;\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0as soon as practical.\n\nAffected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.0Apply  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1Apply  24.0.1-IF006 https://www.ibm.com/support/pages/node/7183042 IBM Business Automation Workflow containersV24.0.0Apply  24.0.0-IF008 https://www.ibm.com/support/pages/node/7159792 IBM Business Automation Workflow traditionalV25.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes IBM Business Automation Workflow traditional V24.0.1Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.1-IF006 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes IBM Business Automation Workflow traditional \u00a0V24.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.0-IF008 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes"
            }
          ],
          "title": "XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13096",
        "datePublished": "2026-02-02T20:56:48.318Z",
        "dateReserved": "2025-11-12T21:55:13.229Z",
        "dateUpdated": "2026-02-03T15:39:59.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13096 (GCVE-0-2025-13096)

    Vulnerability from cvelistv5 – Published: 2026-02-02 20:56 – Updated: 2026-02-03 15:39
    VLAI
    Title
    XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -
    Summary
    IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    ibm
    References
    URL Tags
    https://www.ibm.com/support/pages/node/7259321 vendor-advisorypatch
    Impacted products
    Vendor Product Version
    IBM Business Automation Workflow containers Affected: V25.0.0 , ≤ V25.0.0-IF002 (semver)
    Affected: V24.0.1 , ≤ V24.0.1-IF005 (semver)
    Affected: V24.0.0 , ≤ V24.0.0-IF007 (semver)
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*
    Create a notification for this product.
    IBM Business Automation Workflow traditional Affected: 25.0.0
    Affected: 24.0.1
    Affected: 24.0.0
        cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*
        cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13096",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:38:54.551059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:39:59.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:if008:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:if006:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:containers:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:if003:*:*:containers:*:*:*"
              ],
              "product": "Business Automation Workflow containers",
              "vendor": "IBM",
              "versions": [
                {
                  "lessThanOrEqual": "V25.0.0-IF002",
                  "status": "affected",
                  "version": "V25.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "V24.0.1-IF005",
                  "status": "affected",
                  "version": "V24.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "V24.0.0-IF007",
                  "status": "affected",
                  "version": "V24.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
                "cpe:2.3:a:ibm:business_automation_workflow:25.0.0:*:*:*:traditional:*:*:*"
              ],
              "product": "Business Automation Workflow traditional",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "25.0.0"
                },
                {
                  "status": "affected",
                  "version": "24.0.1"
                },
                {
                  "status": "affected",
                  "version": "24.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIBM Business Automation Workflow containers V25.0.0 through V25.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.1 - V24.0.1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e, V24.0.0 - V24.0.0\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e-IF007\u003c/span\u003e and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u0026nbsp;remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u0026nbsp;resources.\u003c/p\u003e"
                }
              ],
              "value": "IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A\u00a0remote attacker could exploit this vulnerability to expose sensitive information or consume memory\u00a0resources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:56:48.318Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://www.ibm.com/support/pages/node/7259321"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;as soon as practical.\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eAffected Product(s)\u003c/th\u003e\u003cth\u003eVersion(s)\u003c/th\u003e\u003cth\u003eRemediation / Fix\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7183042\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow containers\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7159792\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional\u003c/td\u003e\u003ctd\u003eV25.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes\"\u003e25.0.0-IF003\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u003c/td\u003e\u003ctd\u003eV24.0.1\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes\"\u003e24.0.1-IF006\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM Business Automation Workflow traditional \u0026nbsp;\u003c/td\u003e\u003ctd\u003eV24.0.0\u003c/td\u003e\u003ctd\u003eApply \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI\"\u003eDT456229\u003c/a\u003e\u0026nbsp;included in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes\"\u003e24.0.0-IF008\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
                }
              ],
              "value": "The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0as soon as practical.\n\nAffected Product(s)Version(s)Remediation / FixIBM Business Automation Workflow containersV25.0.0Apply  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-containers-25000-interim-fixes IBM Business Automation Workflow containersV24.0.1Apply  24.0.1-IF006 https://www.ibm.com/support/pages/node/7183042 IBM Business Automation Workflow containersV24.0.0Apply  24.0.0-IF008 https://www.ibm.com/support/pages/node/7159792 IBM Business Automation Workflow traditionalV25.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  25.0.0-IF003 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-25000-interim-fixes IBM Business Automation Workflow traditional V24.0.1Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.1-IF006 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24010-interim-fixes IBM Business Automation Workflow traditional \u00a0V24.0.0Apply  DT456229 https://www.ibm.com/mysupport/aCIgJ0000007aZpWAI \u00a0included in  24.0.0-IF008 https://www.ibm.com/support/pages/readme-ibm-business-automation-workflow-24000-interim-fixes"
            }
          ],
          "title": "XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -",
          "x_generator": {
            "engine": "ibm-cvegen"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2025-13096",
        "datePublished": "2026-02-02T20:56:48.318Z",
        "dateReserved": "2025-11-12T21:55:13.229Z",
        "dateUpdated": "2026-02-03T15:39:59.140Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }