CVE-2025-13915
Unknown Unknown - Not Provided
Authentication Bypass in IBM API Connect 10.0.8.x and

Publication date: 2025-12-26

Last updated on: 2025-12-26

Assigner: IBM Corporation

Description
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-26
Last Modified
2025-12-26
Generated
2026-06-16
AI Q&A
2025-12-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13915
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ibm api_connect 10.0.8.5
ibm api_connect 10.0.8.0
ibm api_connect 10.0.11.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in IBM API Connect versions 10.0.8.0 through 10.0.8.5, and 10.0.11.0 allows a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Impact Analysis

The vulnerability can lead to unauthorized access to the application, potentially allowing attackers to compromise confidentiality, integrity, and availability of the system and its data.

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

IBM strongly recommends upgrading to remediated versions of IBM API Connect to address the vulnerability. Specific interim fixes (iFix) are available for each affected version, with download and installation instructions provided via IBM support links. For customers unable to apply the fixes immediately, IBM advises disabling the self-service sign-up feature on the Developer Portal to reduce exposure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart