CVE-2025-13915 Authentication bypass in IBM API Connect

🗓️ 26 Dec 2025 13:16:24Reported by ibmType

CVE-2025-13915 authentication bypass in API Connect versions 10.0.8.0–10.0.8.5 and 10.0.11.0.

Reporter	Title	Published	Views	Family All 13
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	30 Jan 202617:20	–	ibm
IBM Security Bulletins	Security Bulletin: Authentication bypass in IBM API Connect	25 Dec 202514:04	–	ibm
Circl	CVE-2025-13915	26 Dec 202514:43	–	circl
CNNVD	IBM API Connect 安全漏洞	26 Dec 202500:00	–	cnnvd
CVE	CVE-2025-13915	26 Dec 202513:16	–	cve
EUVD	EUVD-2025-205432	26 Dec 202513:16	–	euvd
NVD	CVE-2025-13915	26 Dec 202514:15	–	nvd
OSV	CVE-2025-13915	26 Dec 202514:15	–	osv
Positive Technologies	PT-2025-53583	17 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-13915	27 Dec 202513:38	–	redhatcve

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:api_connect:10.0.8.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:api_connect:10.0.8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:ibm:api_connect:10.0.11.0:*:*:*:*:*:*:*"
    ],
    "product": "API Connect",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "10.0.8.5",
        "status": "affected",
        "version": "10.0.8.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "10.0.11.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/7255149

26 Dec 2025 13:16Current

CVSS 3.19.8

EPSS0.08673

CWE-305