CVE-2025-13490
Last modified
CVE-2025-13490 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.11.2 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.11.3 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12.2 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12.3 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12.4 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 12.0.12.5 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.1.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.1.1 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.2.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.2.1 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.2.2 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.3.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.3.1 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.4.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.4.1 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.4.2 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.5.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.5.1 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.5.2 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.6.0 | R1 |
| Ibm | App Connect Enterprise Certified Containers Operands | 13.0.6.1 | R1 |
| Ibm | App Connect Operator | >= 11.3.0, <= 11.6.0 | — |
| Ibm | App Connect Operator | >= 12.0.0, <= 12.0.20 | — |
| Ibm | App Connect Operator | >= 12.1.0, <= 12.20.1 | — |
References
- https://www.ibm.com/support/pages/node/7262271Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-13490?
How severe is CVE-2025-13490?
How do I fix CVE-2025-13490?
Are you affected by CVE-2025-13490?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST