Vulnerabilities ›

CVE-2025-13096

High

CWE-918 — Weakness Type

                    Published: Feb 2, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.1

🔗 NVD Official

📄 Description (English)

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

🤖 AI Executive Summary

IBM Business Automation Workflow versions 24.0.0-25.0.0 contain an XML External Entity (XXE) injection vulnerability (CVSS 7.1) that allows remote attackers to expose sensitive information or cause denial of service through memory exhaustion. This vulnerability affects both containerized and traditional deployments used in enterprise workflow automation across Saudi organizations. Immediate patching is required for all affected versions.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 10, 2026 03:33

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), and large enterprises using IBM BAW for critical workflow automation. Financial institutions processing XML-based transactions, healthcare organizations managing patient data workflows, and government entities handling sensitive administrative processes are most at risk. Potential exposure includes customer PII, financial transaction data, and classified government information. Memory exhaustion attacks could disrupt critical business processes during peak operational hours.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Services Energy and Utilities Telecommunications Insurance Manufacturing and Industrial Retail and E-commerce

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery T1005 - Data from Local System T1499 - Endpoint Denial of Service T1040 - Traffic Capture or Replay

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Inventory all IBM Business Automation Workflow deployments (containers and traditional) across your organization

2. Identify systems running versions 24.0.0, 24.0.1, 25.0.0 and their respective interim fixes (IF001-IF007)

3. Disable or restrict XML processing endpoints if possible until patching is complete

4. Implement network segmentation to limit access to BAW services

PATCHING GUIDANCE:

1. Apply latest available patches immediately (IF008 or later for 24.0.0/24.0.1, or upgrade to patched 25.0.0 version)

2. For containerized deployments: rebuild container images with patched IBM BAW versions

3. For traditional deployments: apply IBM security fixes through standard update mechanisms

4. Test patches in non-production environment first, then deploy to production with change management approval

COMPENSATING CONTROLS (if patching delayed):

1. Implement Web Application Firewall (WAF) rules to detect and block XXE payloads (DOCTYPE declarations, ENTITY definitions)

2. Disable XML external entity processing at application level if configuration options exist

3. Implement strict input validation and XML schema validation

4. Monitor for suspicious XML patterns in logs

5. Restrict network access to BAW services using firewall rules

DETECTION RULES:

1. Monitor for HTTP requests containing DOCTYPE, ENTITY, or SYSTEM keywords in XML payloads

2. Alert on unusual memory consumption spikes in BAW processes

3. Log and alert on XML parsing errors or timeouts

4. Monitor for file:// or http:// protocol usage in XML entity declarations

5. Track failed XML validation attempts

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع نشرات IBM Business Automation Workflow (الحاويات والتقليدية) عبر مؤسستك

2. حدد الأنظمة التي تعمل بالإصدارات 24.0.0 و 24.0.1 و 25.0.0 والإصلاحات الوسيطة الخاصة بها (IF001-IF007)

3. عطّل أو قيّد نقاط نهاية معالجة XML إن أمكن حتى اكتمال التصحيح

4. طبّق تقسيم الشبكة لتحديد الوصول إلى خدمات BAW

إرشادات التصحيح:

1. طبّق أحدث التصحيحات المتاحة فوراً (IF008 أو أحدث للإصدارات 24.0.0/24.0.1، أو ترقية إلى إصدار 25.0.0 معدّل)

2. للنشرات المحتوية: أعد بناء صور الحاويات باستخدام إصدارات IBM BAW المصححة

3. للنشرات التقليدية: طبّق إصلاحات أمان IBM من خلال آليات التحديث القياسية

4. اختبر التصحيحات في بيئة غير الإنتاج أولاً، ثم انشرها في الإنتاج مع موافقة إدارة التغيير

الضوابط البديلة (إذا تأخر التصحيح):

1. طبّق قواعد جدار حماية تطبيقات الويب (WAF) للكشف عن حمولات XXE وحجبها

2. عطّل معالجة كيان XML الخارجي على مستوى التطبيق إن وجدت خيارات التكوين

3. طبّق التحقق الصارم من المدخلات والتحقق من مخطط XML

4. راقب أنماط XML المريبة في السجلات

5. قيّد الوصول إلى شبكة خدمات BAW باستخدام قواعد جدار الحماية

قواعد الكشف:

1. راقب طلبات HTTP التي تحتوي على DOCTYPE أو ENTITY أو SYSTEM في حمولات XML

2. نبّه على ارتفاع استهلاك الذاكرة غير المعتاد في عمليات BAW

3. سجّل وأصدر تنبيهات حول أخطاء أو انتهاءات مهلة معالجة XML

4. راقب استخدام بروتوكول file:// أو http:// في إعلانات كيان XML

5. تتبع محاولات التحقق من صحة XML الفاشلة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Information security requirements for supplier relationships ECC 2024 A.14.2.5 - Addressing information security in supplier agreements ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Secure development policy

🔵 SAMA CSF

SAMA CSF 2.1 - Asset Management and Inventory SAMA CSF 2.3 - Vulnerability Management SAMA CSF 3.1 - Access Control SAMA CSF 4.1 - Detection and Analysis

🟡 ISO 27001:2022

ISO 27001:2022 A.12.2.1 - Secure development policy and procedures ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Supplier security requirements ISO 27001:2022 A.8.1.3 - Segregation of duties

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates PCI DSS 6.5.1 - Injection flaws prevention PCI DSS 11.2 - Vulnerability scanning

🔗 References & Sources 1

🔗

https://www.ibm.com/support/pages/node/7259321

psirt@us.ibm.com

Vendor Advisory

📦 Affected Products / CPE 17 entries

ibm:business_automation_workflow

ibm:business_automation_workflow:24.0.0

ibm:business_automation_workflow:24.0.1

ibm:business_automation_workflow:25.0.0

📊 CVSS Score

7.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.1

CWECWE-918

EPSS0.06%

Exploit No

Patch ✓ Yes

Published 2026-02-02

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-918

🏢 Vendor Advisories

🔗 https://www.ibm.com/support/pages/node/7259321

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-13096

💬 Comments

Introduce Yourself

Sign In Required