IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application.

The vulnerability, tracked as CVE-2025–13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw.

“IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application,” the tech giant said in a bulletin.