AI description
CVE-2025-13915 is a security vulnerability affecting IBM API Connect versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0. It is classified as an authentication bypass, meaning a remote attacker could potentially bypass authentication mechanisms and gain unauthorized access to the application. No privileges or user interaction are required to exploit this vulnerability. This vulnerability could allow an attacker to gain unauthorized access to the API Connect management interface or backend services. IBM has released a security update to address this vulnerability and advises users of affected products to update to the latest version. If updating is not immediately possible, disabling self-service sign-up on the Developer Portal can help minimize exposure.
- Description: IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
- Source: psirt@us.ibm.com
- NVD status: Analyzed
- Products: api_connect
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- psirt@us.ibm.com: CWE-305
- Hype score: Not currently trending
CVE-2025-13915 Auth bypass found. IBM promises patch. Friday. Of course. CVSS high. "Critical," they declared late. Update your resume. API Connect. Authentication? None. Enterprise dreams. https://t.co/5bUxFvMh1A
@gothburz
2 Jan 2026
2232 Impressions
2 Retweets
20 Likes
1 Bookmark
5 Replies
2 Quotes
IBM disclosed a critical vulnerability in API Connect, tracked as CVE-2025-13915, rated 9.8 on the CVSS scale. This authentication bypass flaw allows remote attackers unauthorized access to the application. Affected versions include 10.0.8.0 to 10.0.8. https://t.co/834C2rgbim
@securityRSS
2 Jan 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨We are warning of a critical vulnerability in IBM API Connect, CVE-2025-13915. This vulnerability allows unauthenticated remote attackers to completely bypass login mechanisms and gain unauthorized access to affected systems. The vulnerability repres
@GOVCERT_CZ
2 Jan 2026
259 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Why CVE-2025-13915 in IBM API Connect is a Wake-Up Call for Inherited Trust. Read the full report on - https://t.co/9tFLO81v5L https://t.co/4AplaCrd6y
@Iambivash007
1 Jan 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔹 Details of the fixes available for the CVE-2025-13915 vulnerability in IBM API Connect: • Main fix: IBM has released interim updates (interim fixes or iFixes) for all affected versions. It is strongly recommended to appl
@GMashari
1 Jan 2026
78 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in IBM API Connect (CVE-2025-13915) 🔹 IBM has warned of a serious security vulnerability in the IBM API Connect platform, a platform used to manage application programming interfaces (APIs) within large organizations and
@GMashari
1 Jan 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM warns of critical API Connect auth bypass vulnerability (CVE-2025-13915) https://t.co/8PLFZiOsl7 #patchmanagement
@eyalestrin
1 Jan 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨⚠️ Critical security flaw in IBM API Connect! Attackers could gain remote access 👾 CVE-2025-13915 scored 9.8 🛡️ #CyberSecurity #IBM #APISecurity Find out more: https://t.co/OayxOVLsLd
@HackingRabbit61
1 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915 poses a severe risk with its authentication bypass in IBM API Connect! Don't miss our detailed analysis to understand the implications and how to mitigate risks. Read more here: https://t.co/kEf79g2dW0 #CVE #APISecurity
@Smart_NFT2
1 Jan 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, score 9.8/10) allowing an authentication bypass. High risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
1 Jan 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability in IBM API Connect (CVE-2025-13915) 🔹 IBM has warned of a serious security vulnerability in the IBM API Connect platform, a platform used to manage application programming interfaces (APIs) within large organizations
@xabdul
31 Dec 2025
2292 Impressions
4 Retweets
18 Likes
15 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, CVSS score 9.8) allowing an authentication bypass. Risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw in API Connect (CVE-2025-13915, CVSS score 9.8) allowing an authentication bypass. Risk of remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#IBM is warning that a critical CVE-2025-13915 flaw in API Connect, rated 9.8 on the CVSS scale, could let attackers bypass authentication and gain remote access without user interaction. https://t.co/3kj0Kthn2v
@NetizenCorp
31 Dec 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM has issued an urgent patch call for a critical security vulnerability found in the API Connect platform. Registered as CVE-2025-13915, this flaw lets attackers bypass authentication to gain unauthorized remote access, and especially in banking and healthcare suc
@maktechhub2025
31 Dec 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM discloses a critical flaw (CVE-2025-13915, score 9.8) in API Connect, allowing an authentication bypass. High risk of unauthorized remote access. #Cybersecurity #Vulnerability https://t.co/TZskU1FDhF @TheHackersNews
@cyberwatcher_
31 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915# Why Every Enterprise Using IBM API Connect is Now at Risk of a Total Data Hijack Read the full report on - https://t.co/KRfxbiN55k https://t.co/8DTyKVZCC0
@Iambivash007
31 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IBM API Connect Hit by CVE-2025-13915 Authentication Bypass Bug #cybersecurity #cyashadotcom #UnitedStates https://t.co/pFD9GioxSm
@cyashadotcom
30 Dec 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: IBM API Connect flaw lets attackers bypass authentication (CVE-2025-13915). Versions 10.0.8.0–10.0.8.5 & 10.0.11.0 at risk! Restrict access, monitor logs, and prep for patches. Details: https://t.co/K9cX6Ab3x7... https://t.co/IFnI62muDK
@offseq
27 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-13915 Authentication Bypass Vulnerability in IBM API Connect 10.0.8.0 t... https://t.co/eRmHRePuZt Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
26 Dec 2025
92 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-13915: CRITICAL] IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.#cve,CVE-2025-13915,#cybersecurity https://t.co/z7iVlZg9Pk https://t.co/3qJdPc8q3y
@CveFindCom
26 Dec 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:api_connect:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93252B35-2824-4183-8D91-E3AAE4ADBB22",
            "versionEndIncluding": "10.0.8.5",
            "versionStartIncluding": "10.0.8.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:api_connect:10.0.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB79D210-459D-4394-9895-B15DA4069C6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]