IBM App Connect CE Container Untrusted Search Path Enables Sens Access (12.19)
CVE-2025-13491 Published on February 5, 2026
IBM App Connect Enterprise Certified Container Information Disclosure
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
Vulnerability Analysis
CVE-2025-13491 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2025-13491 has been classified as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2025-13491
Affected Versions
IBM App Connect Enterprise Certified Container:
- Version 11.2.0, <= 11.6.0 is affected.
- Version 12.1.0, <= 12.19.0 is affected.
- Version 12.0.0, <= 12.0.19 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.