Vulnerability Details CVE-2025-13096
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2025-13096
-
cpe:2.3:a:ibm:business_automation_workflow:-
-
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:18.0.0.3
-
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2
-
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3
-
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2
-
cpe:2.3:a:ibm:business_automation_workflow:21.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:21.0.2
-
cpe:2.3:a:ibm:business_automation_workflow:21.0.3
-
cpe:2.3:a:ibm:business_automation_workflow:21.0.3.1
-
cpe:2.3:a:ibm:business_automation_workflow:22.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:22.0.2
-
cpe:2.3:a:ibm:business_automation_workflow:23.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:23.0.2
-
cpe:2.3:a:ibm:business_automation_workflow:24.0.0
-
cpe:2.3:a:ibm:business_automation_workflow:24.0.1
-
cpe:2.3:a:ibm:business_automation_workflow:25.0.0