I thought this was worth posting here so everyone is aware of it.
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.
The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.
"IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application," the tech giant said in a bulletin.
If you go to the page, you will find a link to the bug fix so it can be patched right away. I spoke with someone I work with and he had no idea this even happened. He was able to get the fix and everything is sorted now. This is a pretty bad threat so be aware!
I received an e-mail about this. I believe all customers were warned via e-mail, but I am guessing a lot of these e-mails went to spam, so it is always good to share information like this. Remote bugs of any kind could quickly become a massive problem.
I saw an update for this and it appears that it is currently under control. As long as you apply the fixes, it is not a concern. They are still urging people to do these, though, because of the vulnerabilities.

