CVE-2025-13734 (GCVE-0-2025-13734)

Vulnerability from cvelistv5 – Published: 2026-03-03 19:51 – Updated: 2026-03-04 21:15
VLAI?
Title
IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions
Summary
IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM Engineering Requirements Management DOORS Next Affected: 7.1 , ≤ rage Scale 5.2.3.0 - 5.2.3.5 (semver)
Affected: 7.2 , ≤ rage Scale 6.0.0.0 - 6.0.0.1 (semver)
    cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*
 Create a notification for this product.
Credits
Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T21:14:33.587080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T21:15:13.629Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*"
          ],
          "product": "Engineering Requirements Management DOORS Next",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "rage Scale 5.2.3.0 - 5.2.3.5",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "rage Scale 6.0.0.0 - 6.0.0.1",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\u003c/p\u003e"
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-03T19:51:48.142Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7261900"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.\u003c/p\u003e"
            }
          ],
          "value": "IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer."
        }
      ],
      "title": "IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13734",
    "datePublished": "2026-03-03T19:51:48.142Z",
    "dateReserved": "2025-11-26T02:11:54.076Z",
    "dateUpdated": "2026-03-04T21:15:13.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13734\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-03-03T20:16:42.427\",\"lastModified\":\"2026-03-04T18:32:16.960\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44B30C9-5962-4994-A810-B0E04561EDD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"098E34AC-EE87-48A5-B1F5-7F93B4089022\"}]}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7261900\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13734\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-04T21:14:33.587080Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-04T21:15:08.094Z\"}}], \"cna\": {\"title\": \"IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Acknowledgement The vulnerability was reported to IBM by: Peter Backlund, Hunter Dyer, Todd Fine, Gary Huang, Dorota Kopczyk, Charles Nove, Addison Shuppy, George Thompson, Sandia National Laboratories\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.1.0:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2:*:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:engineering_requirements_management_doors_next:7.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"Engineering Requirements Management DOORS Next\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"rage Scale 5.2.3.0 - 5.2.3.5\"}, {\"status\": \"affected\", \"version\": \"7.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"rage Scale 6.0.0.0 - 6.0.0.1\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly recommends addressing the vulnerabilities now by taking the actions documented in this bulletin. For IBM Engineering Requirements Management DOORS Next 7.1, install ifix 08 or newer. For IBM Engineering Requirements Management DOORS Next 7.2, install ifix 01 or newer.\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7261900\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-03-03T19:51:48.142Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13734\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-04T21:15:13.629Z\", \"dateReserved\": \"2025-11-26T02:11:54.076Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-03-03T19:51:48.142Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.