Authenticated Attackers Could Exploit IBM Watsonx Vulnerability to Access Sensitive Data

A critical SQL injection vulnerability, CVE-2025-0165, affects certain versions of IBM Watsonx Orchestrate Cartridge in IBM Cloud Pak for Data, risking data breaches and service disruption. Organizations running vulnerable versions are urged to update to version 5.2.0.1 to mitigate these high-severity threats.

Key points

  • The vulnerability allows blind SQL injection attacks on specific IBM Cloud Pak for Data versions.
  • It stems from improper input sanitization, enabling malicious SQL queries.
  • The CVSS score of 7.6 indicates a high-severity risk impacting confidentiality, integrity, and availability.
  • IBM recommends upgrading immediately to version 5.2.0.1 and following the remediation steps.
  • Additional defenses include deploying WAFs and enforcing least-privilege access controls.

Read More: https://thecyberexpress.com/decoding-cve-2025-0165-flaw/