CVE-2025-13915 IBM API Connect Authentication Bypass

Authentication token validation failure in IBM API Connect gateway allowing unauthenticated remote attackers to bypass login and access all managed APIs without credentials.

Cyber News & Updates

IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations

IBM API Connect (CVSS 9.8) authentication bypass allows remote attackers to completely bypass login mechanisms and gain unauthorized access to centralized API gateways serving banks, airlines, and telecommunications companies. Affects…
Read more →

Peter Chofield

·

Jan 4, 2026

·

12–19 minutes

CVE-2025-13915 IBM API Connect Authentication Bypass

IBM API Connect CVE-2025-13915: Critical Authentication Bypass Affecting Enterprise API Gateways at Major Financial and Telecom Organizations