CVE-2025-13734 — Missing Authorization in IBM Engineering Requirements Management Doors Next

CWE-862 — Missing Authorization CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.0%

top 93.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Engineering Requirements Management Doors Next

Timeline

PublishedMar 3

Description

IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5ibm/engineering_requirements_management_doors_next7.1 — rage Scale 5.2.3.0 - 5.2.3.5+1

▶NVDibm/engineering_requirements_management_doors_next7.1, 7.2+1

🔴Vulnerability Details

GHSA

GHSA-p3c3-wc7q-58mm: IBM Engineering Requirements Management DOORS Next 7↗2026-03-03

▶

CVEList

IBM Engineering Requirements Management DOORS Next could allow an authenticated user to access and modify data beyond authorized permissions↗2026-03-03

▶