CVE-2025-13915

CWE-3054 documents4 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 45.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM API Connect

Timeline

PublishedDec 26

Latest updateDec 31

Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm/api_connect10.0.8.0 — 10.0.8.5+1

▶NVDibm/api_connect10.0.8.0 — 10.0.8.5+1

🔴Vulnerability Details

GHSA

GHSA-gp88-9wrc-jxf5: IBM API Connect 10↗2025-12-26

▶

CVEList

Authentication bypass in IBM API Connect↗2025-12-26

▶

🕵️Threat Intelligence

Bleepingcomputer

IBM warns of critical API Connect auth bypass vulnerability↗2025-12-31

▶