—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Authentication Bypass Vulnerability in IBM API Connect 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

IBM API Connect version 10.0.8.0 through 10.0.8.5

IBM API Connect version 10.0.11.0

Overview

A vulnerability has been reported in IBM API Connect which could allow a remote attacker to bypass authentication mechanism on the targeted system.

Target Audience:

Organizations and individuals using the affected IBM API Connect versions.

Risk Assessment:

High risk of unauthorised access.

Impact Assessment:

Potential for complete system compromise.

Description

IBM API Connect is an end-to-end API management platform that enables organizations to create, manage, secure, and monitor APIs across cloud and on-premises environments.

This vulnerability exists in IBM API connect due to a logic error in the authentication flow of the IBM API Connect management interface. An attacker could exploit this vulnerability by sending a specially crafted request to the targeted system.

Successful exploitation of this vulnerability could allow a remote attacker to bypass the authentication mechanism and gain unauthorized access to the application.

Solution

Apply appropriate updates as metioned:

https://www.ibm.com/support/pages/node/7255149

Vendor Information

IBM

https://www.ibm.com/support/pages/node/7255149

References

IBM

https://www.ibm.com/support/pages/node/7255149

CVE Name

CVE-2025-13915

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlWi/4ACgkQ3jCgcSdc

ys+DDw/+Jct44wS/OKB6AdtVbMy/W7HMVPsAnBTt8sP+vV/bB4i94wSmMeOAUi/B

L1AadUqpu1SASypG19jZxsnYAQcLAcEDqs7CIyLLeCvU01ULSOh7AnRldrCjdjvU

NWLaFaHtkVjQBoeWiEzbk0FsAZ0rvod+THGhyCHWxPZf15QgEjgfOv0BvBjZi5Nx

CGpLD3LOiVIlph0gqW3kjENYEVXOrRTAM4rNJbp5uANn49/D5jzjTG7CRDd4Nwrp

2SlZU8ANlHeA8qgm/ThrGYxAqi51pGcYPXz9jEHkCcEo8rdazSOl9RgrCnsuD53+

d0E5JnG1bGQhTUXDE4AzOdpDoUb88U/SFe4EDUOoEAO7R3JzDD4i6b6hhf5xG3M2

3BtVCJayqQ6YgRAyprZlj9FZMNStfBiZzjUYoUG71emvxu1hTWXo2ZKKsSRdbVgV

Z52QkWblGGQqAiQ5SJieAegM6tezxB1s7mPT8Fc1+5xqtK1EpqeLLl3m9wRFSXH7

mtpsg2t1Ud5pHKzVdqezFF0ngPC4dq7MKw7v8fxoAw4G0kiC+YJ4zN7OSSv6FLWg

xHdHqJZgB5hoFN53YBEafe840+g50DP+tN4P/tIEHvPGw0ID883wWaRUgBFrFSjX

3tHHWF1QXZtEiSN19AqoqRemWFQr86Gat2TtGlNg215EXQCQOzM=

=7XOt

—–END PGP SIGNATURE—–