Last update: 01/09/2025
Affected products:
- IBM watsonx Orchestrate Cartridge
Type:
- SQL Injection
CVE/CVSS:
- CVE-2025-0165: CVSS 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
IBM - https://www.ibm.com/support/pages/node/7243596
A newly discovered vulnerability in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data allows attackers to perform SQL injection, enabling them to manipulate backend queries and access sensitive information.
IBM watsonx Orchestrate Cartridge is a critical automation and orchestration tool within IBM Cloud Pak for Data, designed to streamline workflows, integrate data-driven processes, and support enterprise decision making.
If exploited, this could lead to data breaches, system compromise, and operational downtime, impacting the confidentiality, integrity, and availability of critical businesses.
A critical security vulnerability, CVE-2025-0165, has been identified in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data versions 4.8.4-4.8.5 and 5.0.0-5.2.0. This flaw arises from a blind SQL injection vulnerability, which occurs when specially crafted SQL statements are improperly neutralized, allowing an attacker to manipulate queries sent to the backend database.
In affected versions, a remote attacker with low privileges could exploit this vulnerability to view, add, modify, or delete information stored in the backend database. Successful exploitation impacts the confidentiality and integrity of sensitive enterprise data, potentially exposing organizations to data breaches and unauthorized manipulation of critical information.
IBM strongly recommends addressing the vulnerability immediately by upgrading to IBM watsonx Orchestrate Cartridge 5.2.0.1.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.