IBM API Connect 10.0.8.010.0.8.5/10.0.11.0: Auth Bypass Remote
CVE-2025-13915 Published on December 26, 2025
Authentication bypass in IBM API Connect
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Vulnerability Analysis
CVE-2025-13915 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2025-13915
Want to know whenever a new CVE is published for IBM Api Connect? stack.watch will email you.
Affected Versions
IBM API Connect:- Version 10.0.8.0, <= 10.0.8.5 is affected.
- Version 10.0.11.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.