
Critical Authentication Bypass Vulnerability in IBM API Connect

2 unique sources, 2 articles

Summary


IBM has disclosed a critical authentication bypass vulnerability (CVE-2025-13915) in its API Connect platform, affecting versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5. This flaw, rated 9.8/10 in severity, allows remote attackers to bypass authentication and gain unauthorized access to applications. IBM urges customers to upgrade to the latest version and provides mitigation steps for those unable to patch immediately. The vulnerability is particularly concerning due to its low attack complexity and lack of requirement for user interaction. It impacts API Connect deployments in on-premises, cloud, and hybrid environments, used by organizations in sectors like banking, healthcare, and telecommunications. There is no evidence of the vulnerability being exploited in the wild.

Timeline

  1. 31.12.2025 12:34 (2 articles)

    IBM Discloses Critical Authentication Bypass in API Connect

    IBM has disclosed a critical authentication bypass vulnerability (CVE-2025-13915) in its API Connect platform, affecting versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5. The flaw, rated 9.8/10 in severity, allows remote attackers to bypass authentication and gain unauthorized access to applications. IBM urges customers to upgrade to the latest version and provides mitigation steps for those unable to patch immediately. API Connect is used by companies like Axis Bank, Bankart, Etihad Airways, Finologee, IBS Bulgaria, State Bank of India, Tata Consultancy Services, and TINE.



Similar Happenings

SOAPwn Vulnerability in .NET Framework Enables Remote Code Execution

A critical vulnerability, codenamed SOAPwn, in the .NET Framework allows attackers to achieve remote code execution by manipulating Web Services Description Language (WSDL) imports and HTTP client proxies. The flaw impacts multiple enterprise applications, including Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. Exploiting SOAPwn can lead to arbitrary file writes and NTLM relay attacks. Microsoft has declined to patch the issue, attributing it to application behavior. The vulnerability was disclosed at the Black Hat Europe security conference by WatchTowr Labs researcher Piotr Bazydlo. Affected vendors have released patches to address the flaw.

Unauthenticated access vulnerability in Oracle E-Business Suite Configurator

A critical vulnerability in Oracle E-Business Suite (EBS) allows unauthenticated attackers to access sensitive data via HTTP. The flaw, CVE-2025-61884, affects versions 12.2.3 through 12.2.14 and has a CVSS score of 7.5. CISA has confirmed that the vulnerability is being exploited in attacks and has added it to its Known Exploited Vulnerabilities catalog. Oracle has issued an emergency security update, but exploitation in the wild had already been reported. The vulnerability is in the Runtime UI component and could lead to unauthorized access to critical data. Oracle silently fixed the vulnerability after it was actively exploited and a proof-of-concept exploit was leaked by the ShinyHunters extortion group. This development follows recent disclosures of zero-day exploitation in EBS software, attributed to a group with ties to the Clop ransomware group. The Clop group has been involved in major data theft campaigns targeting zero-days in Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer.

Critical Deserialization RCE Vulnerability in SolarWinds Web Help Desk

SolarWinds has released a third patch to address a critical deserialization vulnerability (CVE-2025-26399) in Web Help Desk 12.8.7 and earlier versions. This flaw allows unauthenticated remote code execution (RCE) on affected systems. The vulnerability was discovered by an anonymous researcher and reported through Trend Micro's Zero Day Initiative (ZDI). The flaw is a patch bypass for CVE-2024-28988, which itself was a bypass for CVE-2024-28986. The original vulnerability was exploited in the wild and added to the Known Exploited Vulnerabilities (KEV) catalog by CISA. SolarWinds advises users to update to version 12.8.7 HF1 to mitigate the risk. SolarWinds Web Help Desk is a help desk and ticketing suite used by medium-to-large organizations for IT support request tracking, workflow automation, asset management, and compliance assurance. The vulnerability affects the AjaxProxy component, and the hotfix requires replacing specific JAR files.

SAP S/4HANA Command Injection Vulnerability CVE-2025-42957 Exploited in the Wild

A critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is actively exploited in the wild. The flaw allows attackers with low-privileged user access to execute arbitrary ABAP code, potentially leading to full system compromise. The vulnerability affects both on-premises and Private Cloud editions of SAP S/4HANA. The flaw was patched in SAP's August 2025 updates, but exploitation has been observed since. SecurityBridge Threat Research Labs, BleepingComputer, and Pathlock have reported active exploitation. Organizations are advised to apply the patches, monitor logs for suspicious RFC calls or newly created admin users, implement SAP's Unified Connectivity framework (UCON) to restrict RFC usage, and take additional security measures to mitigate the risk.

Critical RADIUS Authentication Flaw in Cisco Secure Firewall Management Center

Cisco has disclosed and patched a critical vulnerability in the RADIUS subsystem of Secure Firewall Management Center (FMC) Software. The flaw, CVE-2025-20265, allows unauthenticated, remote attackers to execute arbitrary shell commands on affected systems. This vulnerability affects FMC Software versions 7.0.7 and 7.7.0 when RADIUS authentication is enabled for web-based management or SSH. The issue arises from improper handling of user input during the authentication phase, enabling attackers to inject malicious commands. Successful exploitation can lead to high-privilege command execution. There are no workarounds other than applying the provided patches. The flaw was discovered by Brandon Sakai during internal security testing. Cisco has also resolved several high-severity bugs in various products.