{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-13491","assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","state":"PUBLISHED","assignerShortName":"ibm","dateReserved":"2025-11-20T21:11:07.402Z","datePublished":"2026-02-05T13:55:21.838Z","dateUpdated":"2026-03-13T23:16:33.682Z"},"containers":{"cna":{"providerMetadata":{"orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm","dateUpdated":"2026-03-13T23:16:33.682Z"},"title":"IBM App Connect Enterprise Certified Container Information Disclosure","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-426","description":"CWE-426 Untrusted Search Path","type":"CWE"}]}],"affected":[{"vendor":"IBM","product":"App Connect Enterprise Certified Container","versions":[{"status":"affected","version":"11.2.0","lessThanOrEqual":"11.6.0","versionType":"semver"},{"status":"affected","version":"12.1.0","lessThanOrEqual":"12.19.0","versionType":"semver"},{"status":"affected","version":"12.0.0","lessThanOrEqual":"12.0.19","versionType":"semver"}],"defaultStatus":"unaffected","cpes":["cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.2:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.3:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.4:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.5:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:11.6:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.0:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.1:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.2:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.3:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.4:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.5:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.6:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.7:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.8:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.9:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.10:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.11:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.12:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.13:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.14:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.15:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.16:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.17:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.18:-:*:*:*:*:*:*","cpe:2.3:a:ibm:app_connect_enterprise_certified_container:12.19:-:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.","supportingMedia":[{"type":"text/html","base64":false,"value":"<b>&nbsp;</b><span>IBM App Connect Enterprise Certified Container&nbsp;</span>CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0&nbsp;<span>and&nbsp;</span>12.0 LTS: 12.0.0 through 12.0.19<span>&nbsp;could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.</span><br>"}]}],"references":[{"url":"https://www.ibm.com/support/pages/node/7259746","tags":["vendor-advisory","patch"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":5.1,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}],"workarounds":[{"lang":"en","value":"Disable mapping assistance in the DesignerAuthoring component","supportingMedia":[{"type":"text/html","base64":false,"value":"<p></p><div><p>Disable mapping assistance in the DesignerAuthoring component</p></div><br><p></p>"}]}],"solutions":[{"lang":"en","value":"IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher.  Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher.  Documentation on the upgrade process is available at  https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>IBM strongly suggests the following:</p><p><strong>App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\">https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator</a></p><p><br><strong>App Connect Enterprise Certified Container 12.0 LTS (Long Term Support)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\">https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases</a></p><br>"}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"ibm-cvegen"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-05T14:46:00.445395Z","id":"CVE-2025-13491","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-05T14:46:23.152Z"}}]}}