Severity
High
Analysis Summary
IBM has disclosed a serious Blind SQL injection vulnerability in its Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, tracked as CVE-2025-0165. The flaw carries a CVSS 3.1 base score of (High) and arises from improper sanitization of user-supplied input within the query processing engine. By exploiting this weakness, attackers with low-privilege authenticated access could inject malicious SQL statements into backend queries, potentially compromising sensitive databases. The vulnerability affects IBM Watsonx Orchestrate Cartridge versions 4.8.4–4.8.5 and 5.0.0–5.2.
The issue stems from the cartridge’s failure to neutralize special SQL elements before building dynamic queries, directly violating CWE-89: Improper Neutralization of Special Elements used in an SQL Command. Crafted payloads submitted through exposed API endpoints could enable attackers to execute arbitrary SQL commands. This would allow them to read confidential data, alter user permissions, insert malicious records, or delete critical information, significantly undermining both data integrity and availability.
According to the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L), the flaw is exploitable remotely over the network with low attack complexity and no user interaction, though it requires authenticated low-privilege access. The impact falls hardest on confidentiality (C:H), with a high risk of sensitive data exposure, while the integrity and availability impacts are rated Low (I:L/A:L). These characteristics make the vulnerability a valuable target for adversaries seeking to exploit enterprise orchestration environments.
IBM strongly advises customers to immediately upgrade to Watsonx Orchestrate Cartridge version 5.2.0.1, which enforces strict input validation and parameterized queries to neutralize SQL injection attempts. As no workarounds are available, timely patching is critical. In addition, organizations are urged to review database logs for unusual queries, deploy Web Application Firewalls (WAFs) with SQL injection detection rules, and apply least-privilege principles to service accounts. Taking these steps will help enterprises protect AI-driven orchestration workflows from unauthorized data manipulation and maintain compliance with security policies.
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-0165
Remediation
- Upgrade immediately to IBM Watsonx Orchestrate Cartridge version 5.2.0.1 to apply IBM’s official patch.
- Review database logs for any anomalous or suspicious query activity that may indicate attempted exploitation.
- Deploy a Web Application Firewall (WAF) with SQL injection detection and prevention rules.
- Enforce the principle of least privilege on service and database accounts to limit potential damage.
- Regularly perform security testing and code reviews to identify input validation issues in custom applications.
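For the log-review step above, the following Python is an added example, not code from IBM or from this advisory. It flags database accounts whose statements show the two usual traces of blind SQL injection: time-delay calls, and bursts of one query template in which only the compared values change. The log line format, account, table and column names, and the burst threshold are assumptions; the advisory does not name the backend database, so functions from several SQL dialects are listed.

```python
import re
from collections import Counter, defaultdict

# Time-delay calls and character-probing helpers typical of blind SQL injection.
# Assumption: the backend dialect is unknown, so several dialects are covered.
TIMING = re.compile(r"\b(pg_sleep|sleep|benchmark|waitfor\s+delay|dbms_lock\.sleep)\b", re.I)
PROBE = re.compile(r"\b(substr|substring|ascii|length)\s*\(", re.I)

def fingerprint(sql):
    """Collapse literals so statements that differ only in values share a template."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted strings
    sql = re.sub(r"\b\d+\b", "?", sql)          # numbers
    return re.sub(r"\s+", " ", sql).strip().lower()

def triage(lines, burst=5):
    """Return {db_user: [reasons]} for accounts whose queries look like blind SQLi."""
    templates = Counter()
    findings = defaultdict(set)
    for line in lines:
        _ts, user, sql = line.split(" ", 2)     # assumed format: time user statement
        if TIMING.search(sql):
            findings[user].add("timing-function")
        if PROBE.search(sql):
            key = (user, fingerprint(sql))
            templates[key] += 1
            if templates[key] >= burst:         # same template repeated by one account
                findings[user].add("inference-burst")
    return {user: sorted(reasons) for user, reasons in findings.items()}

def sample_log():
    """Constructed log lines; table, column and account names are hypothetical."""
    log = [
        "10:00:01 svc_app SELECT title FROM tasks WHERE owner = 'alice' AND id = 12",
        "10:00:02 svc_app SELECT LENGTH(title) FROM tasks WHERE id = 12",
        "10:00:03 svc_report SELECT COUNT(*) FROM tasks WHERE status = 'open'",
        "10:00:04 svc_flow SELECT title FROM tasks WHERE id = 3 AND 1 = (SELECT 1 FROM pg_sleep(5))",
    ]
    # One account repeating a single template while only the compared values change.
    for n, guess in enumerate(range(64, 72)):
        log.append(f"10:01:{n:02d} svc_chat SELECT title FROM tasks WHERE id = 3 "
                   f"AND ASCII(SUBSTR(CURRENT_USER, 1, 1)) > {guess}")
    return log

if __name__ == "__main__":
    for user, reasons in triage(sample_log()).items():
        print(user, reasons)
```

A single legitimate `LENGTH(...)` call stays below the threshold and is not reported; tune `burst` to the query volume of the environment being reviewed.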