{“lastseen”:”2025-12-31T13:40:15″,”description”:”\\n\\nIBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.\\n\\nThe vulnerability, tracked as **CVE-2025-13915** , is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.\\n\\n\\”IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,\\” the tech giant said in a bulletin.\\n\\nThe shortcoming affects the following versions of IBM API Connect -\\n\\n * 10.0.8.0 through 10.0.8.5\\n * 10.0.11.0\\n\\n\\n\\n\\n\\nCustomers are advised to follow the steps outlined below -\\n\\n * Download the fix from Fix Central\\n * Extract the files: Readme.md and ibm-apiconnect-\\u003cversion\\u003e-ifix.13195.tar.gz\\n * Apply the fix based on the appropriate API Connect version\\n\\n\\n\\n\\”Customers unable to install the interim fix should disable self-service sign-up on their Developer Portal if enabled, which will help minimise their exposure to this vulnerability,\\” the company added.\\n\\nAPI Connect is an end-to-end application programming interface (API) solution that allows organizations to create, test, manage, and secure APIs located on cloud and on-premises. It’s used by companies like Axis Bank, Bankart, Etihad Airways, Finologee, IBS Bulgaria, State Bank of India, Tata Consultancy Services, and TINE.\\n\\nWhile there is no evidence of the vulnerability being exploited in the wild, users are advised to apply the fixes as soon as possible for optimal protection.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-12-31T13:37:00″,”modified”:”2025-12-31T13:37:55″,”type”:”thn”,”title”:”IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass”,”source”:””,”references”:””,”id”:”THN:F04B014DD53923325C39F2962CEF5897″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-13915″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/12\/ibm-warns-of-critical-api-connect-bug.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-31T13:40:15″,”description”:”\\n\\nIBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.\\n\\nThe…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,11,43,5],"class_list":["post-33483","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n