CVE-2025-13490

Q: What is the severity of CVE-2025-13490?

CVE-2025-13490 has a CVSS score of 5.9 (MEDIUM). IBM App Connect Enterprise Certified Container transmits sensitive data in clear text without encryption, allowing attackers to intercept information via man-in-the-middle attacks. This affects IBM App Connect Operator versions 11.3.0-11.6.0 and 12.1.0-12.20.0, plus specific container operand versions.

5.9 MEDIUM

📋 TL;DR

IBM App Connect Enterprise Certified Container transmits sensitive data in clear text without encryption, allowing attackers to intercept information via man-in-the-middle attacks. This affects IBM App Connect Operator versions 11.3.0-11.6.0 and 12.1.0-12.20.0, plus specific container operand versions.

💻 Affected Systems

Products:

IBM App Connect Operator
IBM App Connect Enterprise Certified Containers Operands

Versions: Operator: CD 11.3.0-11.6.0, 12.1.0-12.20.0; LTS 12.0.0-12.0.20. Operands: CD 12.0.11.2-r1-12.0.12.5-r1, 13.0.1.0-r1-13.0.6.1-r1; LTS 12.0.12-r1-12.0.12-r20

Operating Systems: Container-based deployments (Linux)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects container deployments using the vulnerable versions; traditional non-container deployments are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers intercept authentication credentials, API keys, business data, or configuration secrets, leading to data breaches, unauthorized access, or system compromise.

🟠

Likely Case

Sensitive configuration data or application messages are captured, potentially exposing internal system details or business information.

🟢

If Mitigated

With network segmentation and encryption controls, impact is limited to potential exposure of non-critical data within trusted zones.

🌐 Internet-Facing: HIGH - Clear text transmission over internet exposes all transmitted data to interception.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still intercept sensitive data on internal networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW - Requires network access to intercept unencrypted traffic.

Exploitation requires attacker position to intercept network traffic; no authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to IBM App Connect Operator versions beyond affected ranges or apply IBM security patches as per advisory.

Vendor Advisory: https://www.ibm.com/support/pages/node/7262271

Restart Required: Yes

Instructions:

1. Review IBM advisory for specific patched versions. 2. Update IBM App Connect Operator to non-vulnerable version. 3. Update container operands to patched versions. 4. Restart affected containers and operators.

🔧 Temporary Workarounds

Enable TLS/SSL Encryption

all

Configure IBM App Connect to use TLS/SSL for all network communications to encrypt data in transit.

Configure via IBM App Connect administration console or configuration files to enable TLS/SSL.

Network Segmentation

all

Isolate IBM App Connect containers in protected network segments with strict access controls.

Use firewall rules, network policies, or VLANs to restrict traffic to/from containers.

🧯 If You Can't Patch

Implement network-level encryption (VPN, IPSec) for all traffic to/from containers.
Deploy network monitoring and intrusion detection to detect interception attempts.

🔍 How to Verify

Check if Vulnerable:

Check IBM App Connect Operator and container operand versions against affected ranges in advisory.

Check Version:

kubectl get pods -n <namespace> -o jsonpath='{.items[*].spec.containers[*].image}' | grep ibm-app-connect

Verify Fix Applied:

Verify updated versions are installed and test network traffic shows encrypted communications.

📡 Detection & Monitoring

Log Indicators:

Unusual network connection patterns, failed TLS handshake attempts

Network Indicators:

Clear text traffic on ports used by IBM App Connect, unexpected network sniffing tools

SIEM Query:

source="network_traffic" dest_port IN (7800, 7843, 9443) protocol="TCP" payload_contains_sensitive="true" encryption="none"

📊 Metadata

CVE ID: CVE-2025-13490

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-319

Published: March 3, 2026

Last Updated: March 4, 2026

🔗 References

https://www.ibm.com/support/pages/node/7262271 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Enterprise Certified Containers Operands by Ibm

App Connect Operator by Ibm

App Connect Operator by Ibm

App Connect Operator by Ibm

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Enable TLS/SSL Encryption

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities