CVE-2025-13915

Summary

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Affected Software

VendorProductVersion RangeStatus
IBMAPI Connect10.0.8.0 <= 10.0.8.5affected
IBMAPI Connect10.0.11.0affected

Weaknesses

  • CWE-305: CWE-305 Authentication Bypass by Primary Weakness

Workarounds

Workarounds and Mitigations Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References