CVE-2025-13096
Published: 02 February 2026
Summary
CVE-2025-13096 is a high-severity SSRF (CWE-918) vulnerability in Ibm Business Automation Workflow. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XXE directly enables remote exploitation of a public-facing workflow app (T1190) for local file/system data disclosure (T1005) and limited DoS.
NVD Description
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker…
more
could exploit this vulnerability to expose sensitive information or consume memory resources.
Deeper analysisAI
CVE-2025-13096 is an XML external entity injection (XXE) vulnerability, classified under CWE-918, affecting specific versions of IBM Business Automation Workflow. The impacted software includes IBM Business Automation Workflow containers from V25.0.0 through V25.0.0-IF007, V24.0.1 through V24.0.1-IF007, and V24.0.0 through V24.0.0-IF007, as well as IBM Business Automation Workflow traditional deployments at V25.0.0, V24.0.1, and V24.0.0. The flaw arises when the software processes XML data, enabling potential exploitation as scored at CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).
A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows the attacker to disclose sensitive information due to the high confidentiality impact (C:H) or cause limited denial of service through memory resource consumption (A:L), with no integrity impact.
IBM's security advisory provides details on mitigation and patches; refer to https://www.ibm.com/support/pages/node/7259321 for remediation guidance specific to the affected versions.
Details
- CWE(s)