January 2, 2026 By Pierluigi Paganini

IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass.
IBM addressed a critical API Connect vulnerability, tracked as CVE-2025-13915 (CVSS score of 9.8), that allows remote access via an authentication bypass.
API Connect is IBM’s API management platform. It’s used by organizations to create, secure, manage, publish, and monitor APIs across their environments.
The vulnerability is a potential authentication bypass in IBM API Connect that was discovered during internal testing.
“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” reads the advisory.
The flaw impacts the following products and versions:
| Affected Product(s) | Version(s) |
| --- | --- |
| API Connect | V10.0.8.0-V10.0.8.5 |
| API Connect | V10.0.11.0 |