
IBM has detailed a critical security flaw in API Connect that could allow attackers to gain remote access to applications.
The vulnerability is tracked as CVE-2025-13915 and carries a CVSS score of 9.8 out of a maximum of 10.0. It is described as an authentication bypass flaw.
“IBM API Connect may allow remote attackers to bypass authentication mechanisms and gain unauthorized access to applications,” the tech giant said in a bulletin.
The vulnerability affects the following versions of IBM API Connect:
10.0.8.0 – 10.0.8.5
10.0.11.0

We recommend that customers follow the steps outlined below.
1. Download the fixes from Fix Central.
2. Extract the files Readme.md and ibm-apiconnect–ifix.13195.tar.gz.
3. Apply the fixes for the appropriate API Connect version.
“Customers who are unable to install the interim fix should disable self-service sign-up if enabled in the developer portal to minimize exposure to this vulnerability,” the company added.
API Connect is an end-to-end application programming interface (API) solution that enables organizations to create, test, manage, and secure APIs in the cloud and on-premises. It is used by companies such as Axis Bank, Bankart, Etihad Airways, Finologee, IBS Bulgaria, State Bank of India, Tata Consultancy Services, and TINE.
Although there is no evidence that this vulnerability has been exploited, we recommend that users apply the patch as soon as possible for optimal protection.
