Platform: ibm
Component: ibm-business-automation-workflow
Fixed in: 25.0.1, 24.0.2, 24.0.1
CVE-2025-13096 describes an XML external entity injection (XXE) vulnerability present in IBM Business Automation Workflow. This flaw allows a remote attacker to potentially expose sensitive information or exhaust memory resources by manipulating XML data processing. The vulnerability impacts versions 24.0.0 through 25.0.0-IF002, and a fix is available in version 25.0.1.
Successful exploitation of CVE-2025-13096 could lead to significant data breaches. An attacker could craft malicious XML payloads to read arbitrary files on the server, potentially exposing configuration files, database credentials, or other sensitive data. Beyond data exfiltration, the XXE attack can be leveraged for denial-of-service (DoS) by consuming excessive memory resources, rendering the Business Automation Workflow instance unavailable. The impact is particularly severe in environments where Business Automation Workflow handles sensitive business processes or integrates with critical systems.
This vulnerability was publicly disclosed on 2026-02-02. The CVSS score of 7.1 (HIGH) indicates a significant risk. No public proof-of-concept exploits have been observed as of this writing, but the XXE vulnerability class is well-understood and readily exploitable. It is recommended to prioritize remediation due to the potential for data exposure and DoS.
Organizations heavily reliant on IBM Business Automation Workflow for critical business processes, particularly those handling sensitive data such as financial information or personal data, are at significant risk. Shared hosting environments where multiple tenants share the same Business Automation Workflow instance are also vulnerable, as an attacker could potentially exploit the vulnerability to access data belonging to other tenants.
• linux / server: Monitor Business Automation Workflow logs for unusual XML processing activity or errors related to external entity resolution. Use journalctl -u ba-workflow to filter for relevant log entries.

    journalctl -u ba-workflow | grep -i "external entity"

• generic web: Use curl to test your own instance for XXE by sending crafted XML payloads containing external entity declarations. Examine the response for any signs of file disclosure or error messages.

    curl -X POST -d '<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <foo>&xxe;</foo>' 'https://<your_baw_url>/baw/process/MyProcess'

• ibm: Review IBM Business Automation Workflow audit logs for suspicious XML processing requests. Consult IBM's security bulletins for specific detection signatures or recommendations.
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2025-13096 is to upgrade to IBM Business Automation Workflow version 25.0.1 or later. If immediate upgrading is not feasible, consider implementing input validation and sanitization on all XML data processed by the system. Configure your WAF to block XML requests containing suspicious external entity declarations. Review and restrict file access permissions to minimize the potential impact of a successful XXE attack. After upgrading, confirm the fix by attempting to trigger an XXE payload and verifying that it is properly blocked.
Upgrade IBM Business Automation Workflow to a version later than V25.0.0-IF007, V24.0.1-IF007, or V24.0.0-IF007. See the IBM advisory for details on the specific versions and available patches. Apply the security updates provided by IBM as soon as possible.
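One way to implement the interim XML input validation recommended above, as an added example (not IBM's code and not taken from the advisory): a pre-parse screen in Python that a gateway or filter in front of the application could apply to request bodies. The names `screen_xml` and `RejectedXML` and the sample bodies are hypothetical, and rejecting every DOCTYPE is an assumed policy.

```python
from typing import Optional
from xml.parsers import expat


class RejectedXML(Exception):
    """Raised inside an expat callback to stop parsing at the first DTD construct."""


def screen_xml(body: bytes) -> Optional[str]:
    """Return why `body` should be rejected, or None if it has no DTD constructs.

    expat never fetches external entities on its own, so screening resolves nothing.
    """
    def on_doctype_start(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            raise RejectedXML(f"external DTD subset: {system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            raise RejectedXML(f"external entity {name!r} -> {system_id or public_id}")
        # Internal entities are the building block of expansion (memory) attacks.
        raise RejectedXML(f"internal entity {name!r} declared")

    def on_doctype_end():
        # Policy assumption: these payloads never need a DOCTYPE at all.
        raise RejectedXML("DOCTYPE declaration present")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype_start
    parser.EntityDeclHandler = on_entity_decl
    parser.EndDoctypeDeclHandler = on_doctype_end
    try:
        parser.Parse(body, True)
    except RejectedXML as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"malformed XML: {exc}"
    return None


# Constructed sample request bodies (not captured traffic).
SAMPLES = {
    "benign": b"<order><id>42</id></order>",
    "external": b'<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]><foo>&xxe;</foo>',
    "internal": b'<!DOCTYPE foo [ <!ENTITY a "aaaa"> ]><foo>&a;</foo>',
    "remote_dtd": b'<!DOCTYPE foo SYSTEM "http://example.invalid/x.dtd"><foo/>',
    "bare_doctype": b"<!DOCTYPE foo><foo/>",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label:13} {screen_xml(body) or 'accepted'}")
```

Because the screen stops at the declaration, the entity reference in the document body is never expanded, which covers both the file-disclosure and the memory-exhaustion cases described above.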
CVE-2025-13096 is a vulnerability allowing attackers to inject external entities into XML processing, potentially exposing sensitive data or causing denial-of-service in IBM Business Automation Workflow.
You are affected if you are running IBM Business Automation Workflow versions 24.0.0–V25.0.0-IF002. Check your version and upgrade accordingly.
Upgrade to version 25.0.1 or later. As a temporary workaround, implement strict input validation and sanitization for XML data.
While no public exploits are currently known, the vulnerability is well-understood and poses a significant risk. Proactive remediation is recommended.
Refer to the official IBM Security Bulletin for details: [https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/baw/20260202/2](https://www.ibm.com/support/kbdoc/firstdoc?docid=instance/baw/20260202/2)