VMVirtualMachine.com

IBM warns of critical flaw in API Connect

By Erik van Klinken
Publication Date: 2025-12-31 12:04:00

IBM is urging customers to immediately patch a critical vulnerability in API Connect. The flaw allows attackers to access applications without authentication. The vulnerability affects hundreds of organizations in banking, healthcare, and retail.

The vulnerability, registered as CVE-2025-13915, has a CVSS score of 9.8. It is an authentication bypass flaw in IBM API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5. Attackers can gain remote access to exposed applications without credentials.

API Connect is an API gateway platform that enables organizations to develop, test, and manage APIs. The platform is available for on-premises, cloud, and hybrid environments. Successful exploitation requires no user interaction and has low attack complexity.

IBM urges immediate upgrade to the latest version. For organizations that cannot patch immediately, the company offers temporary measures. IBM API Connect could allow a remote attacker to bypass…
