AI description
CVE-2025-13915 is a security vulnerability affecting IBM API Connect versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0. It is classified as an authentication bypass, meaning a remote attacker could potentially bypass authentication mechanisms and gain unauthorized access to the application. No privileges or user interaction are required to exploit this vulnerability. This vulnerability could allow an attacker to gain unauthorized access to the API Connect management interface or backend services. IBM has released a security update to address this vulnerability and advises users of affected products to update to the latest version. If updating is not immediately possible, disabling self-service sign-up on the Developer Portal can help minimize exposure.
- Description: IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
- Products: api_connect
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-305
- Hype score: Not currently trending
#VulnerabilityReport #APIConnect CVE-2025-13915: Critical 9.8 Flaw in IBM API Connect Lets Attackers Bypass Login https://t.co/qit9R1pNZW
@Komodosec
2 Feb 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 IBM API Connect [—] Jan 12, 2026 Critical Security Advisory: Authentication Bypass Vulnerability (CVE-2025-13915) Targets Multiple Versions of IBM API Connect, Urgent Patch Recommended Check out our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/1cdOq
@transilienceai
12 Jan 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 IBM API Connect [—] Jan 10, 2026 Critical Security Advisory: Authentication Bypass Vulnerability (CVE-2025-13915) with Affected Version Summary, Risk Assessment, and Recommended Remediation Actions. Check out our Threat Intelligence Platform:... https://t.co/RNffE38hhZ
@transilienceai
10 Jan 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 IBM API Connect [—] Jan 08, 2026 Comprehensive Security Advisory on the Critical Authentication Bypass Vulnerability (CVE-2025-13915) affecting IBM API Connect. Immediate action is required to mitigate risks from recent disclosures. Check out our Threat Intelligence https:/
@transilienceai
8 Jan 2026
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM API Connect is affected by a critical authentication bypass vulnerability (CVE-2025-13915), allowing remote attackers to access applications without credentials. Update affected versions (10.0.8.0-10.0.8.5, 10.0.11.0) with IBM iFixes now. Read more: https://t.co/aILsWO937b h
@wazuh
6 Jan 2026
270 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Singapore Cyber Agency Warns of Critical IBM API Connect #Vulnerability (CVE-2025-13915) https://t.co/uRufAttwDA https://t.co/GZE6PfHVOh
@evanderburg
6 Jan 2026
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM has disclosed a critical authentication bypass vulnerability (CVE-2025-13915, CVSS 9.8) in API Connect versions 10.0.8.0 to 10.0.8.5 & 10.0.11.0. Remote attackers can exploit it to gain unauthorized access. Patch immediately! #Cy
@bigmacd16684
5 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerability in IBM products ❗ CVE-2025-13915 ➡️ More info: https://t.co/HTR71pDcZg https://t.co/Lw2Ma1azuI
@CERTpy
5 Jan 2026
247 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw in IBM API Connect (CVE-2025-13915) allows remote attackers to bypass authentication and access sensitive data. Interim fixes released for versions 10.0.8.0 to 10.0.8.5. #AuthBypass #IBM #USA https://t.co/UAlNeX6BFY
@TweetThreatNews
5 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 IBM API Connect [—] Jan 05, 2026 Critical vulnerability report covering CVE-2025-13915 in IBM API Connect, focusing on symptoms, business risks, affected versions, urgent remediation strategies, and vendor advisories from the past 10 days. Check out our Threat Intelligence.
@transilienceai
5 Jan 2026
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations - https://t.co/kN9fk2MpBO
@Cyberwarzonecom
3 Jan 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical CVSS 9.8 flaw (CVE-2025-13915) in API Connect. Also, cybercriminals are abusing Google Cloud's email feature in a multi-stage phishing campaign. (Source: The Hacker News, Jan 2026).
@AnonNews_irc
3 Jan 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Critical vulnerabilities hit DFAT, IBM API Connect & MongoDB. From "MongoBleed" to AI code injection, Australian digital ecosystems are under siege. Is your organization patched against CVE-2025-13915? Read more: https://t.co/HAGINHTWYo #CyberSecurity #InfoSec #Aus
@LeanSecAU
3 Jan 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest: 10,000+ Fortinet firewalls exposed to old MFA bypass (CVE-2020-12812). IBM disclosed critical API Connect auth bypass (CVE-2025-13915, CVSS 9.8). Pebble resurrected its round smartwatch, and Samsung launched the Freestyle+ AI projector.
@AnonNews_irc
2 Jan 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915 Auth bypass found. IBM promises patch. Friday. Of course. CVSS high. "Critical," they declared late. Update your resume. API Connect. Authentication? None. Enterprise dreams. https://t.co/5bUxFvMh1A
@gothburz
2 Jan 2026
2625 Impressions
3 Retweets
25 Likes
1 Bookmark
6 Replies
2 Quotes
Critical Alert: IBM API Connect is affected by a CVSS 9.8 authentication bypass vulnerability (CVE-2025-13915). Remote attackers can gain unauthorized access to affected versions 10.0.8.x and 10.0.11.0. Patch immediately. Read more: https://t.co/apgdvuUyM5 #CyberSecurity
@socradar
2 Jan 2026
166 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
IBM disclosed a critical vulnerability in API Connect, tracked as CVE-2025-13915, rated 9.8 on the CVSS scale. This authentication bypass flaw allows remote attackers unauthorized access to the application. Affected versions include 10.0.8.0 to 10.0.8. https://t.co/834C2rgbim
@securityRSS
2 Jan 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 We are warning of a critical vulnerability in IBM API Connect, CVE-2025-13915. This vulnerability allows unauthenticated remote attackers to completely bypass login mechanisms and gain unauthorized access to affected systems. The vulnerability...
@GOVCERT_CZ
2 Jan 2026
273 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM API Connect users: Immediate action is required. A critical Authentication Bypass vulnerability with a CVSS score of 9.8/10 has been disclosed. Attackers can gain unauthorized access without credentials. CVE: CVE-2025-13915 Patch NOW #CyberSecurity #InfoSec #APIConne
@ACCESSYSTEM_IT
2 Jan 2026
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Why CVE-2025-13915 in IBM API Connect is a Wake-Up Call for Inherited Trust. Read the full report on - https://t.co/9tFLO81v5L https://t.co/4AplaCrd6y
@cyberbivash
1 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔹 Details of the fixes available for the CVE-2025-13915 vulnerability in IBM API Connect: • Main fix: IBM has released interim updates (interim fixes, or iFixes) for all affected versions. It is strongly recommended to...
@GMashari
1 Jan 2026
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in IBM API Connect (CVE-2025-13915) 🔹 IBM has warned of a serious security vulnerability in the IBM API Connect platform, a platform used to manage application programming interfaces (APIs) within large organizations and...
@GMashari
1 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM warns of critical API Connect auth bypass vulnerability (CVE-2025-13915) https://t.co/8PLFZiOsl7 #patchmanagement
@eyalestrin
1 Jan 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨⚠️ Critical security flaw in IBM API Connect! Attackers could gain remote access 👾 CVE-2025-13915 scored 9.8 🛡️ #CyberSecurity #IBM #APISecurity Find out more: https://t.co/OayxOVLsLd
@HackingRabbitS
1 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915 poses a severe risk with its authentication bypass in IBM API Connect! Don't miss our detailed analysis to understand the implications and how to mitigate risks. Read more here: https://t.co/kEf79g2dW0 #CVE #APISecurity
@Smart_NFT2
1 Jan 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, score 9.8/10) that allows an authentication bypass. High risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
1 Jan 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in IBM API Connect (CVE-2025-13915) 🔹 IBM has warned of a serious security vulnerability in the IBM API Connect platform, a platform used to manage application programming interfaces (APIs) within large organizations
@xabdul
31 Dec 2025
2292 Impressions
4 Retweets
18 Likes
15 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, CVSS score 9.8) that allows an authentication bypass. Risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, CVSS score 9.8) that allows an authentication bypass. Risk of remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#IBM is warning that a critical CVE-2025-13915 flaw in API Connect, rated 9.8 on the CVSS scale, could let attackers bypass authentication and gain remote access without user interaction. https://t.co/3kj0Kthn2v
@NetizenCorp
31 Dec 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM has issued an urgent call to patch a critical security vulnerability identified in the API Connect platform. Registered as CVE-2025-13915, this flaw lets attackers bypass authentication to gain unauthorized remote access and, particularly in banking and healthcare...
@maktechhub2025
31 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw (CVE-2025-13915, score 9.8) in API Connect that allows an authentication bypass. High risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915# Why Every Enterprise Using IBM API Connect is Now at Risk of a Total Data Hijack Read the full report on - https://t.co/KRfxbiN55k https://t.co/8DTyKVZCC0
@cyberbivash
31 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM API Connect Hit by CVE-2025-13915 Authentication Bypass Bug #cybersecurity #cyashadotcom #UnitedStates https://t.co/pFD9GioxSm
@cyashadotcom
30 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: IBM API Connect flaw lets attackers bypass authentication (CVE-2025-13915). Versions 10.0.8.0–10.0.8.5 & 10.0.11.0 at risk! Restrict access, monitor logs, and prep for patches. Details: https://t.co/K9cX6Ab3x7... https://t.co/IFnI62muDK
@offseq
27 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915 Authentication Bypass Vulnerability in IBM API Connect 10.0.8.0 t... https://t.co/eRmHRePuZt Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
26 Dec 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-13915: CRITICAL] IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.#cve,CVE-2025-13915,#cybersecurity https://t.co/z7iVlZg9Pk https://t.co/3qJdPc8q3y
@CveFindCom
26 Dec 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93252B35-2824-4183-8D91-E3AAE4ADBB22",
            "versionEndIncluding": "10.0.8.5",
            "versionStartIncluding": "10.0.8.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:api_connect:10.0.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB79D210-459D-4394-9895-B15DA4069C6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]