Critical Vulnerability in IBM API Connect
2 January 2026
IBM has released security updates addressing a critical vulnerability (CVE-2025-13915) in their API Connect platform.
Background
IBM has released security updates addressing a critical vulnerability (CVE-2025-13915) in their API Connect platform. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of the authentication vulnerability could allow a remote attacker to bypass authentication mechanisms and gain unauthorised access to the application.
Affected Products
The vulnerability affects the following product versions:
IBM API Connect V10.0.8.0 through V10.0.8.5
IBM API Connect V10.0.11.0
Recommendations
Users and administrators of affected product versions are advised to update to the latest versions immediately.
If immediate patching is not feasible, administrators may consider disabling the self-service sign-up on their Developer Portal to minimise their exposure to this vulnerability.
References
https://www.ibm.com/support/pages/node/7255149
