SQL Injection Vulnerability in IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data
CVE-2025-0165

7.6HIGH

Key Information:

Vendor: IBM
Status: Watsonx Orchestrate Cartridge For IBM Cloud Pak For Data
Vendor: CVE Published:; 30 August 2025

What is CVE-2025-0165?

The IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data is susceptible to SQL injection attacks, enabling remote attackers to manipulate SQL queries. This vulnerability could potentially allow unauthorized access and control over the back-end database, resulting in unauthorized viewing, modification, or deletion of critical data.

Affected Version(s)

watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4 <= 4.8.5

watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 5.0.0 <= 5.2.0

References

https://www.ibm.com/support/pages/node/7243596

vendor-advisorypatch

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2025
Vulnerability Reserved
Dec 31, 2024