National Cyber Warfare Foundation (NCWF)

IBM warns of critical API Connect bug enabling remote access


2026-01-02 11:00:40
milo
Blue Team (CND)


IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass.





IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8), that allows remote access via an authentication bypass.





API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor APIs across their environments.





The vulnerability is a potential authentication bypass in IBM API Connect that was discovered during internal testing.





“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” reads the advisory.





The flaw impacts the following products and versions:





Affected Product(s)    Version(s)
API Connect            V10.0.8.0 - V10.0.8.5
API Connect            V10.0.11.0




As a workaround, customers who cannot apply the interim fix should disable self-service sign-up on the Developer Portal to reduce exposure to the vulnerability.





At this time, there is no evidence of active exploitation. Users are strongly advised to apply the fixes promptly to ensure protection.










Pierluigi Paganini








Source: SecurityAffairs
Source Link: https://securityaffairs.com/186417/security/ibm-warns-of-critical-api-connect-bug-enabling-remote-access.html





Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.