Authentication Bypass in IBM API Connect by IBM
CVE-2025-13915

9.8CRITICAL

Key Information:

Vendor

IBM
Status
Api Connect
Vendor
CVE Published:
26 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2025-13915?

A vulnerability in IBM API Connect allows a remote attacker to bypass authentication controls, potentially leading to unauthorized access to sensitive application data. This issue affects specific versions of the product, highlighting the importance of keeping software up to date and implementing security best practices to mitigate the risk.

Affected Version(s)

API Connect 10.0.8.0 <= 10.0.8.5

API Connect 10.0.11.0

News Articles

favicon imageCyble

Critical IBM API Connect Flaw CVE-2025-13915 Alert

Singapore warns of critical CVE-2025-13915 in IBM API Connect. Authentication bypass flaw scored 9.8 CVSS. Patches and mitigations released.

2 weeks ago

favicon imageSecurity Affairs

IBM warns of critical API Connect bug enabling remote access

IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass.

3 weeks ago

favicon imageBleepingComputer

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely.

3 weeks ago

References

https://www.ibm.com/support/pages/node/7255149
vendor-advisorypatch

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

JSON
.