Data Transmission Vulnerability in IBM App Connect Enterprise Products
CVE-2025-13490

5.9 MEDIUM

What is CVE-2025-13490?

IBM App Connect Enterprise products are susceptible to a vulnerability that allows sensitive data to be transmitted without encryption. An attacker able to intercept the communication through man-in-the-middle techniques could potentially read that data, exposing critical information. Users running versions of the IBM App Connect Operator from 11.3.0 to 12.20.0, or the specific certified container operands listed below, should implement mitigations to ensure their data remains secure.

Affected Version(s)

App Connect Enterprise Certified Containers Operands CD: 12.0.11.2

App Connect Operator CD: 11.3.0 <= 11.6.0, 12.1.0 - 12.20.1
App Connect Operator 12.0 LTS: 12.0.0 - 12.0.20

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
