
IBM API Connect authentication bypass (CVE-2025-13915)

Vulnerability
First reported
Last updated
Happening score
H score 23
2 unique sources, 2 articles

Summary


CVE-2025-13915 is a critical authentication bypass in IBM API Connect that can let unauthenticated attackers remotely access exposed applications. The flaw affects versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5, leaving affected gateway deployments exposed. IBM said customers should upgrade to the latest release and, if they cannot do so immediately, disable self-service sign-up on the Developer Portal as a temporary mitigation.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

N8n sandbox escape flaws (multiple vulnerabilities)

Vulnerability
First: 04.02.2026 15:00 Last: 04.02.2026 15:00 Sources 1

About this happening: Two **maximum-severity sandbox-escape flaws** in **n8n** expose **self-hosted and cloud instances** to **complete server takeover** and **credential theft**. An **authenticated us...

IBM API Connect CVE-2025-13915 mitigation guidance

Advisory/Mitigation
First: 31.12.2025 12:34 Last: 31.12.2025 12:34 Sources 1

How related: IBM asked admins to upgrade vulnerable installations to the latest release to block potential attacks and provided mitigation measures for those who can't immediately deploy the security updates.

About this happening: **IBM** told customers to upgrade **IBM API Connect** to address **CVE-2025-13915**, a **critical authentication bypass** that can let **unauthenticated attackers** reach exposed...

Timeline

  1. 31.12.2025 12:34 3 articles · 4mo ago

    IBM discloses CVE-2025-13915 in IBM API Connect and urges patching

    Initial Disclosure

    IBM disclosed CVE-2025-13915, a critical authentication bypass in IBM API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5, and urged customers to upgrade vulnerable installations to the latest release. IBM also advised disabling self-service sign-up on the Developer Portal when the interim fix cannot be installed immediately, with patch instructions provided for VMware, OCP, and Kubernetes deployments.
