CVE-2025-13734 is a vulnerability classified under CWE-862 (Missing Authorization) affecting IBM Engineering Requirements Management DOORS Next versions 7.1 and 7.2. The flaw arises because the application fails to enforce proper authorization checks, allowing authenticated users with limited privileges to access and modify data beyond their assigned permissions. This vulnerability can be exploited remotely over the network without requiring user interaction, and with low attack complexity, as indicated by the CVSS vector (AV:N/AC:L/PR:L/UI:N). The impact primarily affects confidentiality and integrity, as unauthorized users can view and alter sensitive requirements data, potentially leading to data leakage or manipulation of critical project information. Availability is not impacted. The vulnerability is significant in environments where DOORS Next is used to manage engineering requirements, especially in regulated industries such as aerospace, automotive, and defense, where data integrity and confidentiality are paramount. No public exploits have been reported yet, but the risk remains due to the nature of the missing authorization controls. IBM has not yet released patches at the time of this report, so organizations must implement interim controls to mitigate risk. The vulnerability was reserved in late 2025 and published in early 2026, reflecting recent discovery and disclosure.

The vulnerability allows unauthorized access and modification of sensitive requirements data, which can undermine the integrity and confidentiality of critical project information. This can lead to incorrect or malicious changes in engineering requirements, potentially causing design flaws, compliance violations, or safety risks in products developed using DOORS Next. Organizations may face intellectual property theft, regulatory penalties, and reputational damage if sensitive data is exposed or altered. Since the flaw requires only authenticated access with limited privileges, insider threats or compromised user accounts can be leveraged to escalate privileges and cause significant harm. The absence of availability impact limits disruption to service continuity, but the integrity and confidentiality risks remain substantial, especially in high-stakes industries.

1. Immediately review and audit user permissions within IBM DOORS Next to ensure the principle of least privilege is enforced, removing unnecessary access rights. 2. Monitor user activity logs for unusual access patterns or unauthorized data modifications, focusing on users with limited privileges performing elevated actions. 3. Implement network segmentation and access controls to restrict DOORS Next access to trusted users and systems only. 4. Apply vendor patches promptly once IBM releases updates addressing this vulnerability. 5. Consider deploying compensating controls such as multi-factor authentication (MFA) to reduce the risk of compromised credentials being used to exploit the flaw. 6. Conduct regular security training for users to recognize and report suspicious activity. 7. If patching is delayed, use application-layer firewalls or proxy solutions to enforce additional authorization checks where feasible.