CVE-2025-13491

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

CVSS v3 5.1 MEDIUM

5.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7259746

Configurations

No configuration.

History

16 Mar 2026, 14:17

Type	Values Removed	Values Added
Summary		(es) IBM App Connect Enterprise Contenedor Certificado hasta 12.19.0 (Continuous Delivery) y 12.0 LTS (Long Term Support) podría permitir a un atacante acceder a archivos sensibles o modificar configuraciones debido a una ruta de búsqueda no confiable.
Summary	(en) IBM App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery) and 12.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.	(en) IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.

05 Feb 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-05 14:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-13491

Mitre link : CVE-2025-13491

CVE.ORG link : CVE-2025-13491

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

5.1 /10