CVE-2025-13491 | THREATINT

Description

IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

PUBLISHED Reserved 2025-11-20 | Published 2026-02-05 | Updated 2026-02-05 | Assigner ibm

MEDIUM: 5.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-426 Untrusted Search Path

Product status

CD:11.2.0 (semver)

affected

LTS:12.0.0 - 12.0.19

affected

CD:12.0.11.1 (semver)

affected

LTS:12.0.12-r1 - 12.0.12-r19

affected

References

www.ibm.com/support/pages/node/7259746 vendor-advisory patch

cve.org (CVE-2025-13491)

nvd.nist.gov (CVE-2025-13491)

Download JSON