CVE-2025-13915— Authentication bypass in IBM API Connect

CVSS 9.8 · Critical EPSS 0.30% · P53 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-13915

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Authentication bypass in IBM API Connect

Source: NVD (National Vulnerability Database)

Vulnerability Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用基本弱点进行的认证绕过

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM API Connect 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM API Connect（APIConnect）是美国国际商业机器（IBM）公司的一套用于管理API生命周期的集成解决方案。该产品支持创建、运行、管理和保护API和微服务等。 IBM API Connect 10.0.8.0版本至10.0.8.5版本和10.0.11.0版本存在安全漏洞，该漏洞源于可绕过身份验证机制，可能导致未经授权的访问。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM	API Connect	10.0.8.0 ~ 10.0.8.5	`cpe:2.3:a:ibm:api_connect:10.0.8.0:::::::*`

II. Public POCs for CVE-2025-13915

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-13915

请登录查看更多情报信息。

Vendor Advisories for CVE-2025-13915 (1)

https://www.ibm.com/support/pages/node/7255149vendor-advisorypatch

https://nvd.nist.gov/vuln/detail/CVE-2025-13915

Same Patch Batch · IBM · 2025-12-26 · 9 CVEs total

CVE-2025-12771	7.8 HIGH	IBM Concert Software Improper Restriction of Operations within the Bounds of a Memory Buff
CVE-2025-64645	7.7 HIGH	Multiple Vulnerabilities in IBM Concert Software.
CVE-2025-36192	6.7 MEDIUM	Missing Authorization with the DS8900F and DS8A00 Hardware Management Console
CVE-2025-1721	5.9 MEDIUM	BM Concert Software Improper Clearing of Heap Memory Before Release.
CVE-2025-36230	5.4 MEDIUM	XSS in IBM Aspera Faspex
CVE-2025-14687	4.3 MEDIUM	Client-Side Enforcement of Server-Side Security in IBM Db2 Intelligence Center
CVE-2025-36228	3.8 LOW	Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
CVE-2025-36229	3.1 LOW	Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera F

IV. Related Vulnerabilities

Same product: API Connect

Same vendor: IBM

Same weakness: CWE-305

V. Comments for CVE-2025-13915

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-13915— Authentication bypass in IBM API Connect

I. Basic Information for CVE-2025-13915

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2025-13915

III. Intelligence Information for CVE-2025-13915

Vendor Advisories for CVE-2025-13915 (1)

Same Patch Batch · IBM · 2025-12-26 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-13915

Leave a comment