CVE-2025-13096
Published: 02 February 2026
Summary
CVE-2025-13096 is a high-severity SSRF (CWE-918) vulnerability in IBM Business Automation Workflow. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE sits at percentile 27.3 for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2025-13096 is an XML external entity injection (XXE) vulnerability, classified under CWE-918, affecting specific versions of IBM Business Automation Workflow. The impacted software includes IBM Business Automation Workflow containers from V25.0.0 through V25.0.0-IF007, V24.0.1 through V24.0.1-IF007, and V24.0.0 through V24.0.0-IF007, as well as IBM Business Automation Workflow traditional deployments at V25.0.0, V24.0.1, and V24.0.0. The flaw arises when the software processes XML data. It is scored at CVSS 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).
A remote attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows the attacker to disclose sensitive information due to the high confidentiality impact (C:H) or cause limited denial of service through memory resource consumption (A:L), with no integrity impact.
IBM's security advisory provides details on mitigation and patches; refer to https://www.ibm.com/support/pages/node/7259321 for remediation guidance specific to the affected versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206752
Vulnerability details
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 are vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XXE directly enables remote exploitation of a public-facing workflow app (T1190) for local file/system data disclosure (T1005) and limited DoS.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of XML input to reject external entity declarations, blocking the XXE attack vector in IBM Business Automation Workflow's XML processing.
- SC-7 (Boundary Protection): Boundary protection rules can deny the outbound network requests that XXE uses to retrieve external entities, limiting information disclosure and resource exhaustion.
- System monitoring can identify anomalous XML parsing behavior or memory spikes indicative of successful XXE exploitation against the workflow containers.