IBM warns of critical flaw in API Connect
Briefly

"IBM is urging customers to immediately patch a critical vulnerability in API Connect. The flaw allows attackers to access applications without authentication. The leak affects hundreds of organizations in banking, healthcare, and retail. The vulnerability, registered as CVE-2025-13915, scores 9.8 on the CVSS rating. It concerns an authentication bypass flaw in IBM API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5."
"Attackers can gain remote access to exposed applications without credentials. API Connect is an API gateway platform that enables organizations to develop, test, and manage APIs. The platform is available for on-premises, cloud, and hybrid environments. Successful exploitation requires no user interaction and has low attack complexity. IBM urges immediate upgrade to the latest version. For organizations that cannot patch immediately, the company offers temporary measures. IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application."
A critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) lets attackers access exposed applications without credentials. Affected versions are 10.0.11.0 and 10.0.8.0 through 10.0.8.5. The flaw scores 9.8 on CVSS, requires no user interaction, and has low attack complexity, putting hundreds of organizations in banking, healthcare, and retail at risk. IBM recommends upgrading to the latest version immediately and provides temporary mitigations for those unable to patch, including disabling self-service sign-up on the Developer Portal and applying interim fixes. Detailed patching instructions are available for VMware, OCP, and Kubernetes environments. CISA has previously listed multiple IBM flaws as actively exploited.
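The first practical step for a defender is to find which deployments fall inside the stated version ranges. Dotted product versions must be compared numerically, not as strings: lexically, "10.0.11.0" sorts before "10.0.8.5", which would silently misclassify hosts. The helper below is an added example written for this summary, not IBM's tooling; the affected ranges are exactly the ones the page states for CVE-2025-13915, the inventory is constructed sample data, and a version outside the listed ranges is reported as "not listed", not as proven safe (IBM's advisory remains the authoritative source).

```python
# Version-range triage for CVE-2025-13915 (IBM API Connect), added example.
# Affected ranges are taken from the advisory summary; inventory data is constructed.
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """Parse '10.0.8.5' into (10, 0, 8, 5); pad short forms like '10.0.8' with zeros
    so that comparison is numeric and component-wise, never lexical."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > 4:
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return (nums[0], nums[1], nums[2], nums[3])


# Inclusive (low, high) ranges as stated on the page: 10.0.8.0 through 10.0.8.5, and 10.0.11.0.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    (parse_version("10.0.8.0"), parse_version("10.0.8.5")),
    (parse_version("10.0.11.0"), parse_version("10.0.11.0")),
]


def is_affected(version: str) -> bool:
    """True if the version lies inside one of the stated affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


# Constructed sample inventory: (hostname, reported API Connect version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("gw-prod-01", "10.0.8.3"),
    ("gw-prod-02", "10.0.11.0"),
    ("gw-dev-01", "10.0.8.6"),
    ("gw-lab-01", "10.0.10.0"),
    ("gw-lab-02", "10.0.8"),   # short form, treated as 10.0.8.0
]


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split hosts into 'affected' (inside a stated range) and 'not_listed'
    (outside every stated range; check the vendor advisory before treating as safe)."""
    result: Dict[str, List[str]] = {"affected": [], "not_listed": []}
    for host, version in inventory:
        key = "affected" if is_affected(version) else "not_listed"
        result[key].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed the function your real inventory export in place of SAMPLE_INVENTORY; hosts in the "affected" bucket are the ones to upgrade or to apply IBM's interim measures to first.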
Read at Techzine Global