


Perceptive Security
SOC/SIEM Consultancy

IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
Published: 31 December 2025 at 13:37:00
Alert date: 31 December 2025 at 14:02:09
Source: thehackernews.com
Enterprise Applications, Web Technologies, Zero-Day Vulnerabilities, Identity & Access
IBM disclosed a critical security vulnerability in API Connect, tracked as CVE-2025-13915, with a CVSS score of 9.8/10. The flaw is described as an authentication bypass vulnerability that could allow remote attackers to gain unauthorized access to the application. This is a critical-severity issue affecting IBM's API Connect platform.
Technical details
CVE-2025-13915 is a critical authentication bypass vulnerability in IBM API Connect. It allows remote attackers to bypass authentication mechanisms and gain unauthorized access to the application. The vulnerability is rated 9.8 out of 10.0 on the CVSS scoring system.
Mitigation steps:
Download the fix from Fix Central
Extract the files: Readme.md and ibm-apiconnect-<version>-ifix.13195.tar.gz
Apply the fix based on the appropriate API Connect version
If the interim fix cannot be installed, disable self-service sign-up on the Developer Portal (if it is enabled) to minimize exposure
Affected products:
IBM API Connect 10.0.8.0 through 10.0.8.5
IBM API Connect 10.0.11.0
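To triage a fleet against the affected ranges above, the following added example (not IBM's or the original article's code) compares version strings numerically and flags each host. The inventory format, host names and the padding of short versions such as "10.0.8" to "10.0.8.0" are assumptions made for the illustration.

```python
import re

# Affected ranges from this advisory, as inclusive (low, high) tuples.
AFFECTED_RANGES = [
    ((10, 0, 8, 0), (10, 0, 8, 5)),
    ((10, 0, 11, 0), (10, 0, 11, 0)),
]
_VERSION_RE = re.compile(r"^\d+(\.\d+){1,3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted version."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Assumption: a short form such as "10.0.8" means "10.0.8.0".
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    """True/False for a parseable version, None when it cannot be parsed."""
    version = parse_version(version_text)
    if version is None:
        return None
    # Tuple comparison is numeric per component, so 10.0.8.10 > 10.0.8.5.
    return any(low <= version <= high for low, high in AFFECTED_RANGES)

def triage(inventory_lines):
    """Map each host to 'affected', 'not-affected' or 'unknown'."""
    labels = {True: "affected", False: "not-affected", None: "unknown"}
    result = {}
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed rows
        result[fields[0]] = labels[is_affected(fields[1])]
    return result

# Constructed sample inventory ("host version" per line); not real hosts.
SAMPLE_INVENTORY = [
    "apic-prod-01 10.0.8.3",
    "apic-prod-02 10.0.8.10",  # a plain string compare would misplace this
    "apic-dev-01 10.0.11.0",
    "apic-lab-01 10.0.5.9",
    "apic-lab-02 unknown-build",
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

The check looks only at the version number, so a host reported as affected still needs a separate confirmation of whether the interim fix has been applied, and "unknown" rows need manual review.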
Related links:
https://www.ibm.com/products/api-connect
https://www.cve.org/CVERecord?id=CVE-2025-13915
https://www.ibm.com/support/pages/node/7255149
https://www.ibm.com/support/pages/node/7255318
https://www.ibm.com/docs/en/api-connect/software/12.1.0?topic=api-connect-overview
This article was created with the assistance of AI technology by Perceptive.
