IBM has warned organizations using its API Connect platform about a severe security vulnerability that could allow unauthorized individuals to access applications remotely. The company has urged customers to apply security updates immediately to reduce the risk of exploitation.
API Connect is an enterprise-level platform designed to help organizations create, manage, and secure application programming interfaces, commonly referred to as APIs. APIs act as digital connectors that allow different software systems to communicate securely. Because these interfaces often expose internal services to external applications, business partners, and developers, they play a crucial role in modern digital operations.
IBM API Connect can be deployed in multiple environments, including on-premises infrastructure, cloud-based systems, and hybrid setups. Due to this flexibility, it is widely adopted across industries such as banking, healthcare, retail, and telecommunications, where secure data exchange is essential.
The vulnerability, identified as CVE-2025-13915, has been assigned a severity score of 9.8 out of 10, placing it in the highest risk category. According to IBM, the flaw affects API Connect versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5.
At the core of the issue is a weakness in the platform’s authentication mechanism. Under certain conditions, an attacker could bypass login checks entirely and gain access to exposed applications without providing valid credentials. The attack does not require advanced tech
[…]
