IBM Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-13096
IBM Business Automation Workflow containers versions: 25.0.0 through 25.0.0-IF002
IBM Business Automation Workflow containers versions: 24.0.1 through 24.0.1-IF005
IBM Business Automation Workflow containers versions: 24.0.0 through 24.0.0-IF007
IBM Business Automation Workflow containers versions: older versions that have reached end of support
IBM Business Automation Workflow traditional version: 25.0.0
IBM Business Automation Workflow traditional version: 24.0.1
IBM Business Automation Workflow traditional version: 24.0.0
IBM Business Automation Workflow traditional versions: older, unsupported versions
CVE-2025-14914
IBM WebSphere Application Server – Liberty versions: 17.0.0.3 through 26.0.0.1
Resolved Vulnerabilities
XML external entity injection vulnerability in IBM Business Automation Workflow (CVE-2025-13096)
Remote code execution vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-14914)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the patched version for your product.
CVE-2025-13096
IBM Business Automation Workflow containers version: 25.0.0-IF003
IBM Business Automation Workflow containers version: 24.0.1-IF006
IBM Business Automation Workflow containers version: 24.0.0-IF008
IBM Business Automation Workflow traditional version: DT456229 included in 25.0.0-IF003
IBM Business Automation Workflow traditional version: DT456229 included in 24.0.1-IF006
IBM Business Automation Workflow traditional version: DT45622
CVE-2025-14914
IBM WebSphere Application Server – Liberty: update according to the referenced site [2]
References
[1] Security Bulletin: XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow – CVE-2025-13096
https://www.ibm.com/support/pages/node/7259321
[2] Security Bulletin: IBM WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)
https://www.ibm.com/support/pages/node/7258224