Summary
IBM released urgent fixes for a critical authentication bypass vulnerability (CVE-2025-13915) in API Connect that allows remote attackers to gain full system access without credentials.
Take Action:
If you are using API Connect, this is an urgent and important patch. Patch the system ASAP. Until you can patch, disable the self-service sign-up feature to block attackers from skipping the login. If possible, isolate the API Connect service from the public internet and make it accessible via trusted networks.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)