CVE-2025-13915: Authentication Bypass Flaw in IBM API Connect

CVE-2025-13915 is a critical authentication bypass vulnerability discovered in IBM API Connect, a widely used enterprise platform for managing and securing APIs. The flaw allows remote, unauthenticated attackers to gain access to API Connect systems without valid credentials. The issue prompted urgent alerts from IBM, the Cyber Security Agency of Singapore (CSA), and CERT-In (India) in early January 2026.

Severity: Critical

Vulnerability Details

  • CVE ID: CVE-2025-13915
  • Type: Authentication Bypass
  • CWE: CWE-305 (Authentication Bypass by Primary Weakness), CWE-287 (Improper Authentication)
  • CVSS Score: 9.8
  • Description: The flaw stems from a logic error in the authentication flow of the API Connect management interface. Even though the underlying authentication algorithm is secure, improper implementation lets attackers bypass the process entirely and obtain unauthorized administrative access.

Technical Impact

  • The vulnerability is remotely exploitable, requiring no credentials or user interaction.
  • Exploitation could result in full compromise of confidentiality, integrity, and availability of the API Connect environment.
  • Attackers could execute privileged operations, alter configurations, or exfiltrate sensitive API data.
  • While no exploitation in the wild has been observed so far, Cyble assessed the issue as “very critical”, and the EPSS score of 0.37 indicates a moderate probability of exploitation in future attacks.

Affected Products

  • IBM API Connect v10.0.8.0 – v10.0.8.5
  • IBM API Connect v10.0.11.0

Both on-premises and cloud deployments using these versions are vulnerable.
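
For triage, the affected ranges above can be checked against a deployment inventory. The following is an added example, not code from IBM or from this advisory; the hostnames, version strings and the host-to-version inventory format are constructed. It assumes the reported version string alone does not show whether an iFix is installed, so "affected" means "verify the iFix", not "confirmed vulnerable".

```python
import re

# Affected ranges as listed in this advisory (inclusive, 4-part versions).
AFFECTED_RANGES = [
    ((10, 0, 8, 0), (10, 0, 8, 5)),
    ((10, 0, 11, 0), (10, 0, 11, 0)),
]
# Optional leading "v", four numeric parts, optional trailing build text.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)\.(\d+)(?:[-_+ ].*)?$", re.IGNORECASE)

def parse_version(raw):
    """Return a 4-tuple of ints, or None if raw is not a 4-part version."""
    m = _VERSION_RE.match(raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(raw):
    """Classify one reported version: 'affected', 'not-listed' or 'unparsed'."""
    version = parse_version(raw)
    if version is None:
        return "unparsed"  # an unreadable version is never treated as safe
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not-listed"  # outside the advisory's ranges; says nothing else

def triage(inventory):
    """Return (host -> status, sorted hosts that need follow-up)."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    follow_up = sorted(h for h, s in statuses.items() if s != "not-listed")
    return statuses, follow_up

# Constructed sample inventory: hostnames, versions and suffix are made up.
SAMPLE_INVENTORY = {
    "apic-mgmt-01.example.internal": "10.0.8.3",
    "apic-mgmt-02.example.internal": "v10.0.11.0",
    "apic-mgmt-03.example.internal": "10.0.8.6",
    "apic-mgmt-04.example.internal": "10.0.8.5-custom",
    "apic-mgmt-05.example.internal": "unknown",
    "apic-mgmt-06.example.internal": "10.0.5.9",
}

if __name__ == "__main__":
    statuses, follow_up = triage(SAMPLE_INVENTORY)
    for host, status in sorted(statuses.items()):
        print(f"{host:32} {SAMPLE_INVENTORY[host]:18} {status}")
    print("needs follow-up:", ", ".join(follow_up))
```

Hosts reported as "unparsed" are included in the follow-up list so that a missing or malformed version field cannot hide an affected deployment.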

Discovery and Advisory Timeline

  1. 17 Dec 2025: IBM releases initial security bulletin.
  2. 25 Dec 2025: IBM publishes detailed fix documentation.
  3. 01 Jan 2026: CERT-In issues CIVN-2026-0001 alert.
  4. 02 Jan 2026: CSA (Singapore) publishes national advisory.

Remediation and Mitigation

  • Patch Immediately: Apply IBM interim fixes (iFixes) for affected builds — available for both 10.0.8.x and 10.0.11.0.
  • Temporary Mitigation: Disable self-service sign-up on the Developer Portal to limit exposure until patching is completed.
  • Security Hardening: Restrict access to the API Connect management interface, enforce strong IAM and MFA, and monitor logs for unauthorized activity.

Sources:

  • https://www.ibm.com/support/pages/security-bulletin-authentication-bypass-ibm-api-connect-0
  • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0001
  • https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-126/

Ampcus Cyber