VMVirtualMachine.com

Remote access likely with critical IBM API Connect vulnerability


By SC Staff
Publication Date: 2026-01-02 15:13:00

IBM has warned that exploitation of a critical authentication bypass bug in its API Connect end-to-end application programming interface solution, tracked as CVE-2025-13915, could enable remote app access, The Hacker News reports.

Organizations using IBM API Connect versions 10.0.8 through 10.0.8.5 and 10.0.11.0 have been urged to address the vulnerability by downloading the patch from Fix Central, extracting the ‘Readme.md’ and ‘ibm-apiconnect--ifix.13195.tar.gz’ files, and implementing the proper fix, according to IBM.

“Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability,” said IBM, which has not observed any active abuse of the security issue.

Multiple organizations, including Tata Consultancy Services, Axis Bank, Finologee, Etihad Airways, and the State Bank of India, have been leveraging IBM API Connect for cloud and on-premises API creation, testing,…
