CVE-2025-13491 (GCVE-0-2025-13491)

Vulnerability from cvelistv5 – Published: 2026-02-05 13:55 – Updated: 2026-03-13 23:16
VLAI?
Title
IBM App Connect Enterprise Certified Container Information Disclosure
Summary
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
Severity ?
5.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE
Assigner
ibm
References
Impacted products
Vendor Product Version
IBM App Connect Enterprise Certified Container Affected: 11.2.0 , ≤ 11.6.0 (semver)
Affected: 12.1.0 , ≤ 12.19.0 (semver)
Affected: 12.0.0 , ≤ 12.0.19 (semver)
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*
    cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-05T14:46:00.445395Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-05T14:46:23.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "App Connect Enterprise Certified Container",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.6.0",
              "status": "affected",
              "version": "11.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.19.0",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.0.19",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;\u003c/span\u003eCD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u0026nbsp;\u003cspan\u003eand\u0026nbsp;\u003c/span\u003e12.0 LTS: 12.0.0 through 12.0.19\u003cspan\u003e\u0026nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM App Connect Enterprise Certified Container\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u00a0and\u00a012.0 LTS: 12.0.0 through 12.0.19\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-13T23:16:33.682Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7259746"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM App Connect Enterprise Certified Container Information Disclosure",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Disable mapping assistance in the DesignerAuthoring component"
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2025-13491",
    "datePublished": "2026-02-05T13:55:21.838Z",
    "dateReserved": "2025-11-20T21:11:07.402Z",
    "dateUpdated": "2026-03-13T23:16:33.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-13491\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2026-02-05T14:16:03.940\",\"lastModified\":\"2026-03-16T14:17:55.090\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM App Connect Enterprise Certified Container\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u00a0and\u00a012.0 LTS: 12.0.0 through 12.0.19\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\"},{\"lang\":\"es\",\"value\":\"IBM App Connect Enterprise Contenedor Certificado hasta 12.19.0 (Continuous Delivery) y 12.0 LTS (Long Term Support) podr\u00eda permitir a un atacante acceder a archivos sensibles o modificar configuraciones debido a una ruta de b\u00fasqueda no confiable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@us.ibm.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"references\":[{\"url\":\"https://www.ibm.com/support/pages/node/7259746\",\"source\":\"psirt@us.ibm.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13491\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-05T14:46:00.445395Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-05T14:46:15.328Z\"}}], \"cna\": {\"title\": \"IBM App Connect Enterprise Certified Container Information Disclosure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*\", \"cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*\"], \"vendor\": \"IBM\", \"product\": \"App Connect Enterprise Certified Container\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.2.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.6.0\"}, {\"status\": \"affected\", \"version\": \"12.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.19.0\"}, {\"status\": \"affected\", \"version\": \"12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"12.0.19\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"IBM strongly suggests the following:\\n\\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\\n\\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \\u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \\n\\n\\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\\n\\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \\u00a0Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIBM strongly suggests the following:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\\\"\u003ehttps://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003cstrong\u003eApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u0026nbsp;Documentation on the upgrade process is available at \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\\\"\u003ehttps://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.ibm.com/support/pages/node/7259746\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disable mapping assistance in the DesignerAuthoring component\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eDisable mapping assistance in the DesignerAuthoring component\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"ibm-cvegen\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"IBM App Connect Enterprise Certified Container\\u00a0CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\\u00a0and\\u00a012.0 LTS: 12.0.0 through 12.0.19\\u00a0could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cb\u003e\u0026nbsp;\u003c/b\u003e\u003cspan\u003eIBM App Connect Enterprise Certified Container\u0026nbsp;\u003c/span\u003eCD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0\u0026nbsp;\u003cspan\u003eand\u0026nbsp;\u003c/span\u003e12.0 LTS: 12.0.0 through 12.0.19\u003cspan\u003e\u0026nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-426\", \"description\": \"CWE-426 Untrusted Search Path\"}]}], \"providerMetadata\": {\"orgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"shortName\": \"ibm\", \"dateUpdated\": \"2026-03-13T23:16:33.682Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-13491\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-13T23:16:33.682Z\", \"dateReserved\": \"2025-11-20T21:11:07.402Z\", \"assignerOrgId\": \"9a959283-ebb5-44b6-b705-dcc2bbced522\", \"datePublished\": \"2026-02-05T13:55:21.838Z\", \"assignerShortName\": \"ibm\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.