How serious is CVE-2025-13702?

This vulnerability has a CVSS score of 5.4 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2025-13702?

Yes, proof-of-concept exploit code for CVE-2025-13702 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2025-13702?

CVE-2025-13702 affects ibm sterling partner engagement manager. Check the full CVE details for specific version information.

How do I fix CVE-2025-13702?

To remediate CVE-2025-13702, check for security patches from ibm. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-13702

Medium

|5.4

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker, who is already logged into the IBM Sterling Partner Engagement Manager, to inject malicious JavaScript into the web interface, potentially exposing sensitive information like user credentials. This means that if an attacker can gain access to a user's account, they can manipulate the application in harmful ways.

Technical Description

IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

Confidentiality ImpactLow

Integrity ImpactLow

Availability ImpactNone

ScopeChanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$741($500-$1K)

Vendor Response

Grade APatched in 4 days

Quick Information

Published

Mar 13, 2026

25 days ago

Last Modified

Mar 18, 2026

20 days ago

Vendor

ibm

Product

sterling partner engagement manager

Related Vulnerabilities

CVE-2025-13460Medium

This vulnerability allows an attacker to discover valid usernames within IBM Aspera Console by exploiting differences in system responses. The attacker needs to interact with the application in a way that reveals these discrepancies, which could lead to further attacks like password guessing.

CVE-2025-13459Medium

This vulnerability allows a privileged user to disrupt the service by misusing the system's workflow controls, potentially causing downtime. It affects specific versions of IBM Aspera Console, so users running those versions should be cautious about how workflows are managed.

CVE-2025-13212Medium

This vulnerability allows an authenticated user to disrupt the email service, potentially causing it to become unavailable for others. It occurs because the system doesn't properly manage how often users can interact with the email service, leading to a denial of service.

CVE-2025-13726High

This vulnerability allows a remote attacker to access sensitive information from IBM Sterling Partner Engagement Manager due to detailed error messages being exposed. If an attacker can trigger these error messages, they could gather valuable information that might help them launch further attacks on the system.

CVE-2025-13723High

An attacker can exploit this vulnerability to access sensitive user information by using an expired access token, which means they don't need valid credentials to gain this information. This issue affects specific versions of IBM Sterling Partner Engagement Manager, so organizations using these versions should take immediate action to secure their systems.