IBM App Connect Cert Container Cleartext MITM Vulnerability CD 11.3.0-12.20.0, LTS 12.0.0-12.0.20
CVE-2025-13490 Published on March 3, 2026
IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that report metrics are vulnerable to loss of confidentiality
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2r1 through 12.0.12.5r1 and 13.0.1.0r1 through 13.0.6.1r1, and LTS versions 12.0.12r1 through 12.0.12r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man-in-the-middle techniques.
Vulnerability Analysis
CVE-2025-13490 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.
Products Associated with CVE-2025-13490
stack.watch emails you whenever new vulnerabilities are published in IBM App Connect Operator or IBM App Connect Enterprise Certified Containers Operands. Just hit a watch button to start following.
Affected Versions
- IBM App Connect Operator: Version CD: 11.3.0 - 11.6.0, 12.1.0 - 12.20.1; 12.0 LTS: 12.0.0 - 12.0.20 is affected.
- IBM App Connect Enterprise Certified Containers Operands: Version CD: 12.0.11.2-r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.1-r1; 12.0 LTS: 12.0.12-r1 - 12.0.12-r20 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.