CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data SQL injection
Description
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
INFO
Published Date :
Aug. 30, 2025, 1:15 p.m.
Last Modified :
Sept. 2, 2025, 3:55 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-0165
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 3.1 | HIGH | MITRE-CVE |
Solution
- Update to a version of the software that is not affected.
- Apply security patches provided by the vendor.
- Validate and sanitize all SQL inputs.
- Use parameterized queries for database interactions.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-0165.
| URL | Resource |
|---|---|
| https://www.ibm.com/support/pages/node/7243596 |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-0165 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-0165
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-0165 vulnerability anywhere in the article.
-
The Cyber Express
Windows 10 Hits End of Life: 200 Million PCs Face Mounting Security Risks
Microsoft has officially ended support for Windows 10, affecting hundreds of millions of users worldwide. This decision comes nearly a decade after the operating system’s initial release and signals t ... Read more
-
The Cyber Express
CISA Warns of Actively Exploited Zero-Day XSS Flaw in Zimbra Collaboration Suite
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent alert concerning an actively exploited zero-day vulnerability in the Zimbra Collaboration Suite (ZCS). The flaw, ... Read more
-
The Cyber Express
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its ... Read more
-
The Cyber Express
Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration
A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the f ... Read more
-
The Cyber Express
Pakistan Launches Probe After Massive SIM Data Leak Hits Millions
The Pakistani government has launched an urgent investigation following reports of a massive data leak involving SIM holders’ personal information, including that of Interior Minister Mohsin Naqvi. Th ... Read more
-
The Cyber Express
Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers
A newly disclosed security flaw in the Linux UDisks daemon has been reported. Tracked as CVE-2025-8067, the out-of-bounds read vulnerability allows local, unprivileged users to access files and data o ... Read more
-
The Cyber Express
Authenticated Attackers Could Exploit IBM Watsonx Vulnerability to Access Sensitive Data
A newly disclosed security vulnerability, tracked as CVE-2025-0165, has been reported, specifically concerning the users of the IBM Watsonx Orchestrate Cartridge within the IBM Cloud Pak for Data plat ... Read more
-
CybersecurityNews
IBM Watsonx Vulnerability Let Attackers Inject Malicious SQl Queries
IBM published a security bulletin disclosing a serious Blind SQL injection vulnerability in its IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, assigned CVE-2025-0165. With a CVSS 3.1 ba ... Read more
The following table lists the changes that have been made to the
CVE-2025-0165 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Aug. 30, 2025
Action Type Old Value New Value Added Description IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L Added CWE CWE-89 Added Reference https://www.ibm.com/support/pages/node/7243596