Threat Advisory

Critical Flaw in IBM API Connect Lets Attackers Bypass Login

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

The critical vulnerability CVE-2025-13915 impacts IBM API Connect versions 10.0.8.0 through 10.0.8.5 and version 10.0.11.0, exposing the platform to a severe authentication bypass flaw. An unauthenticated remote attacker can exploit this weakness to circumvent login controls and gain unauthorized access to protected API management components. The issue stems from improper authentication enforcement, allowing attackers to interact with sensitive services without valid credentials. Successful exploitation could enable attackers to view, modify, or manage API configurations and backend integrations. This significantly increases the risk of data exposure, service manipulation, and potential downstream compromise of connected systems. The vulnerability is exploitable over the network and does not require any user interaction or prior access. Due to its high impact, the flaw has been assigned a CVSS v3.1 score of 9.8, categorizing it as critical.
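Because the advisory is about specific affected builds, the first defensive step is inventory triage: which deployments fall inside the listed ranges. The following is an added example (not IBM's code and not part of the original advisory) that parses dotted version strings and checks them against the ranges stated above. Hostnames, versions and the build-tag suffix handling are constructed for illustration; since the page does not state a fixed version, a result of "not listed" means only that the build is outside the listed ranges, not that it is patched.

```python
from __future__ import annotations
from typing import Iterable

# Affected versions as listed in the advisory (inclusive ranges).
AFFECTED_RANGES: list[tuple[tuple[int, ...], tuple[int, ...]]] = [
    ((10, 0, 8, 0), (10, 0, 8, 5)),    # 10.0.8.0 through 10.0.8.5
    ((10, 0, 11, 0), (10, 0, 11, 0)),  # 10.0.11.0
]


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '10.0.8.3' into (10, 0, 8, 3), padding short strings to four
    components so '10.0.8' compares as 10.0.8.0. Any suffix after '-' or '+'
    (a constructed build tag, not a documented IBM format) is ignored.
    Raises ValueError on a non-numeric component."""
    core = text.strip().split("-", 1)[0].split("+", 1)[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (4 - len(parts))


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges.
    False means 'not in the listed ranges', not 'patched': the advisory gives no
    fix level, so confirm remediation against IBM's support page."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(inventory: Iterable[tuple[str, str]]) -> dict[str, list[str]]:
    """Bucket (hostname, version) pairs into affected / not_listed / unparseable,
    preserving inventory order inside each bucket."""
    buckets: dict[str, list[str]] = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version in inventory:
        try:
            key = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            key = "unparseable"
        buckets[key].append(host)
    return buckets


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = [
    ("apic-mgmt-01", "10.0.8.3"),
    ("apic-mgmt-02", "10.0.8.5"),
    ("apic-gw-01", "10.0.8.6"),
    ("apic-lab-01", "10.0.11.0"),
    ("apic-lab-02", "10.0.7.2"),
    ("apic-old-01", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The version tuple comparison is deliberately strict at the range edges (10.0.8.5 is in, 10.0.8.6 is out), and an unparseable entry is surfaced as its own bucket rather than silently dropped, since an unknown version on an API gateway is itself a finding worth following up.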

RECOMMENDATION:

We strongly recommend that you refer to the IBM support page linked below:

https://www.ibm.com/support/pages/node/7255149

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/cve-2025-13915-critical-9-8-flaw-in-ibm-api-connect-lets-attackers-bypass-login/
