CVE Alert: CVE-2025-0165 – IBM – watsonx Orchestrate Cartridge for IBM Cloud Pak for Data
CVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
AI Summary Analysis
Risk verdict
High risk: a remote SQL injection with low-privilege access could view or modify backend data; patching should be treated as urgent.
Why this matters
Successful exploitation could lead to data disclosure, alteration or loss, undermining confidentiality and integrity of critical datasets. The impact on regulated or sensitive data could trigger compliance and trust concerns, with potential business disruption if the backend becomes unreliable.
Most likely attack path
An attacker can reach a network-facing endpoint and exploit unsanitised input to execute arbitrary SQL. No user interaction is required, and only low privileges are needed, increasing the likelihood of exploitation in exposed environments. A successful chain could enable data exfiltration or tampering, with possible lateral movement through compromised queries.
Who is most exposed
Deployments where the cartridge is reachable over the network and not promptly patched are most at risk; this is common in on-premises or cloud-integrated enterprise setups with external-facing interfaces and automation workflows.
Detection ideas
- Look for unusual or erroring SQL queries in application and database logs.
- Alert on atypical data retrieval patterns or large, unexpected data exports.
- IDS/IPS or WAF logs showing SQL injection-like payloads.
- Long-running queries or increased DB wait times tied to the cartridge endpoints.
- Sudden spikes in authentication or access to sensitive tables.
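As an added illustration of the first, third and fourth detection ideas above (example code, not from the advisory or from IBM): a small Python scanner that applies those heuristics to constructed application-log lines. The log line format, the `/orchestrate/api/` route prefix and the 5-second slow-query threshold are assumptions made for the example.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical route prefix standing in for the cartridge's API path (not the real one).
CARTRIDGE_PREFIX = "/orchestrate/api/"
SLOW_MS = 5000  # threshold for the "long-running query" heuristic

# Widely known SQL-injection shapes, matched against the URL-decoded request path.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+['\d]", re.I),              # tautology such as ' OR '1'='1
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),       # UNION-based data retrieval
    re.compile(r"(--|/\*)"),                                # comment sequence truncating a query
    re.compile(r";\s*(drop|delete|update|insert)\b", re.I), # stacked statement
]
DB_ERROR_MARKERS = ("syntax error", "sqlstate", "unterminated quoted string")

# Constructed line format: <ts> <METHOD> <path> status=<code> dur_ms=<n> [db_err="<msg>"]
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) status=(?P<status>\d{3}) '
    r'dur_ms=(?P<dur>\d+)(?: db_err="(?P<err>[^"]*)")?$'
)

def classify(line):
    """Detection reasons that fire for one log line; [] means benign or outside the cartridge path."""
    m = LINE_RE.match(line)
    if not m or not m["path"].startswith(CARTRIDGE_PREFIX):
        return []
    reasons = []
    decoded = unquote_plus(m["path"])  # decode %27 etc. so encoded payloads are not missed
    if any(p.search(decoded) for p in SQLI_PATTERNS):
        reasons.append("sqli_payload")
    if m["err"] and any(k in m["err"].lower() for k in DB_ERROR_MARKERS):
        reasons.append("db_error")
    if int(m["dur"]) >= SLOW_MS:
        reasons.append("slow_query")
    return reasons

def scan(lines):
    """(line_number, reasons) for every line that triggers at least one heuristic."""
    return [(n, r) for n, r in ((n, classify(l)) for n, l in enumerate(lines, 1)) if r]

# Constructed sample log (not real traffic): benign call, erroring injection attempt,
# slow UNION-style request, and a request outside the cartridge path.
SAMPLE_LOG = [
    '2025-06-01T10:00:00Z GET /orchestrate/api/skills?name=invoice status=200 dur_ms=42',
    '2025-06-01T10:00:05Z GET /orchestrate/api/skills?name=x%27%20OR%20%271%27%3D%271 status=500 dur_ms=31 db_err="syntax error at end of input"',
    '2025-06-01T10:00:09Z GET /orchestrate/api/skills?name=a%20UNION%20SELECT%201%2C2 status=200 dur_ms=8200',
    '2025-06-01T10:00:12Z GET /health status=200 dur_ms=3',
]
```

Running `scan(SAMPLE_LOG)` flags lines 2 and 3 only; in practice these signatures belong in the SIEM or WAF rule set rather than a standalone script, and the error-marker list should be tuned to the database engine in use.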
Mitigation and prioritisation
- Upgrade to IBM watsonx Orchestrate Cartridge 5.2.0.1 and validate in a test environment before production.
- If immediate patching isn’t possible, apply compensating controls: restrict access to the cartridge endpoint (IP allowlists, VPN-only), require authentication, and enforce least privilege; enable application-layer input validation and parameterised queries.
- Strengthen monitoring: real-time DB logs, SIEM alerts for SQLi patterns, and anomaly detection on data access.
- Schedule patching in a maintenance window; verify that the patch applied successfully and have a rollback plan ready if issues arise. Treat as high priority given the CVSS implications and the remote exploit path.