IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass

IBM has disclosed a critical vulnerability in API Connect: an authentication bypass flaw that enables unauthorized remote access. Although it has not yet been exploited in the wild, companies using affected versions are urged to apply the security patches promptly.

Key points

  • A critical vulnerability (CVE-2025-13915) in IBM API Connect allows remote attackers to bypass authentication.
  • The flaw impacts versions 10.0.8.0 to 10.0.8.5 and 10.0.11.0 of API Connect.
  • IBM recommends downloading and applying the security fix from Fix Central to mitigate the risk.
  • Disabling self-service sign-up on the Developer Portal is suggested as a mitigation for those unable to install the fix immediately.
  • API Connect is widely used by organizations like State Bank of India and TINE to manage secure APIs.

Read More: https://thehackernews.com/2025/12/ibm-warns-of-critical-api-connect-bug.html