
IBM warns of critical flaw in API Connect


IBM is urging customers to patch a critical vulnerability in API Connect immediately. The flaw lets attackers reach applications behind the gateway without authenticating. It affects hundreds of organizations in banking, healthcare, and retail.

The vulnerability, tracked as CVE-2025-13915, carries a CVSS score of 9.8. It is an authentication bypass in IBM API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5. A remote attacker can gain access to exposed applications without any credentials.

API Connect is an API gateway platform that enables organizations to develop, test, and manage APIs. The platform is available for on-premises, cloud, and hybrid environments. Successful exploitation requires no user interaction and has low attack complexity.
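The affected builds named above are a narrow set of versions, and the first task for anyone running API Connect is to find out which instances fall inside them. The following script is an added example, not code from IBM or from the article: it checks an inventory of instances against the affected ranges and flags which ones need patching. The inventory is constructed for illustration. Note that versions are compared as tuples of integers; comparing them as strings would wrongly treat 10.0.8.10 as older than 10.0.8.5.

```python
"""Triage IBM API Connect instances against the versions the advisory
for CVE-2025-13915 lists as affected: 10.0.11.0 and 10.0.8.0 through
10.0.8.5 (inclusive). Added example; the inventory below is constructed."""

from dataclasses import dataclass

# Affected ranges as inclusive (low, high) tuples, taken from the advisory text.
AFFECTED_RANGES = [
    ((10, 0, 11, 0), (10, 0, 11, 0)),
    ((10, 0, 8, 0), (10, 0, 8, 5)),
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.0.8.5' into (10, 0, 8, 5), padded with zeros to four parts.

    Integer tuples compare numerically, which avoids the classic bug of
    comparing version strings lexicographically ('10.0.8.10' < '10.0.8.5').
    """
    parts = text.strip().split(".")[:4]
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_affected(version: str) -> bool:
    """True if the version falls inside any of the listed affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


@dataclass
class Instance:
    host: str
    version: str
    self_service_signup: bool  # Developer Portal self-service sign-up enabled?


def triage(inventory: list[Instance]) -> list[tuple[str, str]]:
    """Return (host, action) pairs.

    Upgrading is the fix. Disabling self-service sign-up on the Developer
    Portal is IBM's stop-gap for hosts that cannot take the fix immediately,
    so hosts that still have it enabled are called out separately.
    Versions outside the listed ranges are reported as 'not listed', not as
    safe: the advisory is the authority on scope.
    """
    results = []
    for inst in inventory:
        if not is_affected(inst.version):
            results.append((inst.host, "not listed as affected"))
        elif inst.self_service_signup:
            results.append((inst.host, "PATCH NOW; disable self-service sign-up until patched"))
        else:
            results.append((inst.host, "PATCH NOW"))
    return results


# Constructed sample inventory (hypothetical host names, not real systems).
SAMPLE_INVENTORY = [
    Instance("apic-prod-1", "10.0.8.5", True),
    Instance("apic-prod-2", "10.0.8.6", False),
    Instance("apic-dev", "10.0.11.0", False),
    Instance("apic-legacy", "10.0.7.2", True),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12s} {action}")
```

In practice the inventory would come from your CMDB or from the version reported by each management subsystem; the comparison logic is the part worth keeping.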

Immediate action required

IBM urges customers to upgrade to the latest version immediately. For organizations that cannot patch right away, the company offers temporary measures. IBM's advisory describes the issue as allowing a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Customers who are unable to install the interim fix should disable self-service sign-up on their Developer Portal if it is enabled. This reduces exposure but does not remove the flaw, so it is a stop-gap until the fix is applied. Detailed instructions for applying the patch in VMware, OCP, and Kubernetes environments are available in an IBM support document.

Broader security pattern

Over the past four years, the US Cybersecurity and Infrastructure Security Agency (CISA) has added several IBM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CISA lists these as actively exploited in the wild, and Binding Operational Directive (BOD) 22-01 requires federal agencies to remediate each one by the due date set in the catalog.

Two of these vulnerabilities are also marked as used in ransomware attacks: a code execution flaw in IBM Aspera Faspex (CVE-2022-47986) and an invalid input flaw in IBM InfoSphere BigInsights (CVE-2013-3993). The urgency of patching IBM products therefore remains high.
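The KEV catalog is published as a JSON feed, and the filtering described above (one vendor, ransomware flag, BOD 22-01 due date) is easy to automate. The script below is an added example, not CISA's or IBM's code. It uses the real KEV field names (cveID, vendorProject, product, knownRansomwareCampaignUse, dueDate), but the feed excerpt embedded in it is constructed and its dates are placeholders, not the catalog's actual values.

```python
"""Filter a CISA KEV feed for one vendor and flag entries marked as used in
ransomware campaigns or past their BOD 22-01 due date. Added example; the
feed excerpt is constructed with placeholder dates."""

import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. Only the fields this
# script uses are included; the dates are placeholders, not real KEV values.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2022-47986", "vendorProject": "IBM",
         "product": "Aspera Faspex",
         "knownRansomwareCampaignUse": "Known", "dueDate": "2024-01-15"},
        {"cveID": "CVE-2013-3993", "vendorProject": "IBM",
         "product": "InfoSphere BigInsights",
         "knownRansomwareCampaignUse": "Known", "dueDate": "2024-02-01"},
        {"cveID": "CVE-2024-00000", "vendorProject": "IBM",
         "product": "Hypothetical Product",
         "knownRansomwareCampaignUse": "Unknown", "dueDate": "2099-01-01"},
        {"cveID": "CVE-2024-00001", "vendorProject": "OtherVendor",
         "product": "Something Else",
         "knownRansomwareCampaignUse": "Known", "dueDate": "2024-03-01"},
    ]
})


def load_kev(text: str) -> list[dict]:
    """Parse the feed body and return the list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def triage_kev(entries: list[dict], vendor: str, today: date) -> list[dict]:
    """Return the vendor's KEV entries, most urgent first.

    Ordering: ransomware-linked entries first, then overdue ones, then by
    CVE id. 'today' is passed in rather than read from the clock so the
    result is reproducible.
    """
    rows = []
    for e in entries:
        if e.get("vendorProject", "").lower() != vendor.lower():
            continue
        due = date.fromisoformat(e["dueDate"])
        rows.append({
            "cve": e["cveID"],
            "product": e["product"],
            "ransomware": e.get("knownRansomwareCampaignUse") == "Known",
            "overdue": due < today,
        })
    rows.sort(key=lambda r: (not r["ransomware"], not r["overdue"], r["cve"]))
    return rows


if __name__ == "__main__":
    for row in triage_kev(load_kev(SAMPLE_KEV_JSON), "IBM", date(2025, 1, 1)):
        flags = ("RANSOMWARE " if row["ransomware"] else "") + ("OVERDUE" if row["overdue"] else "")
        print(f"{row['cve']:16s} {row['product']:24s} {flags}")
```

For real use, fetch the live feed from https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and pass its body to load_kev; everything else stays the same.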