CVE-2025-13734

5.4 MEDIUM

📋 TL;DR

This vulnerability in IBM Engineering Requirements Management DOORS Next allows authenticated users to view and edit data beyond their assigned permissions. It affects versions 7.1 and 7.2 of the software, potentially exposing sensitive requirements data to unauthorized users.

💻 Affected Systems

Products:
  • IBM Engineering Requirements Management DOORS Next
Versions: 7.1, 7.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access; affects all configurations of the listed versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could access and modify critical requirements data, potentially compromising intellectual property, regulatory compliance, or project integrity.

🟠 Likely Case

Internal users accidentally or intentionally accessing requirements data they shouldn't see, leading to data leakage or unauthorized modifications.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to minor data exposure within the same security domain.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but appears to be straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply interim fix or upgrade as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/7261900

Restart Required: Yes

Instructions:

1. Review the IBM advisory
2. Apply the recommended interim fix
3. Restart DOORS Next services
4. Verify the fix is applied

🔧 Temporary Workarounds

Tighten Access Controls (applies to: all)

Review and restrict user permissions to the minimum required access.

Enhanced Monitoring (applies to: all)

Implement detailed logging and monitoring of data access patterns.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate DOORS Next systems
  • Enforce principle of least privilege and conduct regular access reviews

🔍 How to Verify

Check if Vulnerable:

Check IBM DOORS Next version against affected versions (7.1, 7.2)

Check Version:

Check version through DOORS Next administration interface or system documentation

Verify Fix Applied:

Verify patch installation and test user permissions to confirm access controls work properly

📡 Detection & Monitoring

Log Indicators:

  • Unusual data access patterns
  • Users accessing data outside their normal scope
  • Permission change events

Network Indicators:

  • Unexpected data retrieval patterns
  • Access to restricted API endpoints

SIEM Query:

source="DOORS_Next" AND (event_type="data_access" OR event_type="permission_violation")
