CVE-2025-13915
published 2025-12-26CVE-2025-13915: IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the…
PriorityP274critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
8.67%
94.5th percentile
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | api_connect | — | — |
| ibm | api_connect | 10.0.8.0 – 10.0.8.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability affects IBM API Connect versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0; detect exposed instances by identifying these version strings in network banners or API responses ↗
- →Monitor for unauthenticated access attempts to IBM API Connect Developer Portal endpoints, particularly self-service sign-up flows, which are the attack surface for this bypass ↗
- →Alert on successful authentication events to IBM API Connect that are not preceded by a valid credential submission — indicative of authentication mechanism bypass in low-complexity, no-user-interaction attacks ↗
- ·Disabling self-service sign-up on the Developer Portal is a recommended mitigation for those unable to patch immediately, but it only minimises (not eliminates) exposure ↗
- ·The vulnerability is exploitable remotely with no authentication and no user interaction required, making internet-exposed instances at critical risk ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Checkpoint
5th January – Threat Intelligence Report
blogs_checkpoint·2026-01-05
CVE-2025-14346 5th January – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 5th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 5th January, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Two US banks, Artisans’ Bank and VeraBank, disclosed that customer data was exposed in an August ransomware attack on their vendor, Marquis Software. The vendor was breached via SonicWall vulnerability, and while the banks’ own systems were not compromised, researchers estimate the incident may have affected in total up to
Bleepingcomputer
IBM warns of critical API Connect auth bypass vulnerability
blogs_bleepingcomputer·2025-12-31·CVSS 9.8
[CRITICAL] IBM warns of critical API Connect auth bypass vulnerability
## IBM warns of critical API Connect auth bypass vulnerability
## Sergiu Gatlan
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely.
API Connect is an application programming interface (API) gateway that enables organizations to develop, test, and manage APIs and provide controlled access to internal services for applications, business partners, and external developers.
Available in on-premises, cloud, or hybrid deployments, API Connect is used by hundreds of companies in banking, healthcare, retail, and telecommunications sectors.
Tracked as CVE-2025-13915 and rated 9.8/10 in severity, this authentication bypass security flaw affects IBM API Connect versions 10.0.11.0 and
2025-12-26
Published