CVE-2025-13915

Critical

Published: 26 December 2025

Published

26 December 2025

Modified

31 December 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0048 65.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-13915 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Ibm Api Connect. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 34.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the authentication bypass vulnerability by requiring timely identification, reporting, and correction of flaws such as this CVE through vendor patching.

AC-3 Access Enforcement good match

prevent

Enforces approved access authorizations in accordance with policy, preventing unauthorized access resulting from authentication bypass.

IA-2 Identification and Authentication (Organizational Users) good match

prevent

Requires robust identification and authentication for users, addressing the core authentication mechanism bypass exploited in this CVE.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

CVE-2025-13915 is an authentication bypass in IBM API Connect, a public-facing application, enabling remote exploitation for unauthorized access (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.

Deeper analysisAI

CVE-2025-13915 is an authentication bypass vulnerability (CWE-305) in IBM API Connect versions 10.0.8.0 through 10.0.8.5 and 10.0.11.0. Published on 2025-12-26, it enables a remote attacker to circumvent authentication mechanisms and obtain unauthorized access to the application. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact potential.

A remote attacker with no required privileges or user interaction can exploit this vulnerability over the network with low complexity. Successful exploitation allows the attacker to gain unauthorized access to the application, resulting in high impacts on confidentiality, integrity, and availability.

IBM provides details on the vulnerability, including mitigation and patch information, in its security advisory at https://www.ibm.com/support/pages/node/7255149. Security practitioners should consult this reference for version-specific remediation guidance.

Details

CWE(s): CWE-305

Affected Products

ibm

api connect

10.0.11.0 · 10.0.8.0 — 10.0.8.5

CVEs Like This One

CVE-2025-36386Same vendor: Ibm

CVE-2024-41787Same vendor: Ibm

CVE-2025-0975Same vendor: Ibm

CVE-2024-31903Same vendor: Ibm

CVE-2024-49352Same vendor: Ibm

CVE-2025-3320Same vendor: Ibm

CVE-2025-36236Same vendor: Ibm

CVE-2025-3354Same vendor: Ibm

CVE-2026-1264Same vendor: Ibm

CVE-2026-1343Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7255149
Vendor Advisory · psirt@us.ibm.com