By The Hacker News
Publication Date: 2025-12-31 13:37:00
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” the tech giant said in a bulletin.
The shortcoming affects the following versions of IBM API Connect –
- 10.0.8.0 through 10.0.8.5
- 10.0.11.0
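The affected ranges listed above can be checked against a deployment inventory. The following is an added example, not code from IBM or from the article; it assumes versions are reported as four-part dotted strings, and the host names and sample inventory are constructed for illustration.

```python
import re

# Affected ranges as stated in the article (inclusive bounds).
AFFECTED_RANGES = [
    ((10, 0, 8, 0), (10, 0, 8, 5)),
    ((10, 0, 11, 0), (10, 0, 11, 0)),
]

# Four numeric parts, optional leading "v", optional trailing build suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[-+_ ].*)?$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not four-part."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Return 'affected', 'not-listed' or 'unparsed' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unparsed"  # needs a manual look, never assume it is fine
    # Tuples compare numerically, so 10.0.8.10 sorts after 10.0.8.5.
    if any(low <= version <= high for low, high in AFFECTED_RANGES):
        return "affected"
    return "not-listed"


def triage(inventory):
    """Map each host in {host: version_string} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory; host names are hypothetical.
SAMPLE_INVENTORY = {
    "apic-prod": "10.0.8.3",
    "apic-stage": "10.0.11.0",
    "apic-dev": "10.0.8.10",
    "apic-lab": "10.0.8",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {status}")
```

A "not-listed" result only means the version is outside the ranges named in the article, and an "affected" result says nothing about whether the interim fix has already been applied.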
Customers are advised to follow the steps outlined below –
- Download the fix from Fix Central
- Extract the files: Readme.md and ibm-apiconnect--ifix.13195.tar.gz
- Apply the fix based on the appropriate API Connect version
“Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will…
