CVE-2025-13491
MEDIUMIBM App Connect Enterprise <12.19.0-12.0 - Info Disclosure
Title source: llmDescription
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.
References (1)
Core 1
Core References
Various Sources vendor-advisory
patch
https://www.ibm.com/support/pages/node/7259746
Scores
CVSS v3
5.1
EPSS
0.0015
EPSS Percentile
4.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-426
Status
published
Products (3)
IBM/App Connect Enterprise Certified Container
11.2.0 - 11.6.0
IBM/App Connect Enterprise Certified Container
12.0.0 - 12.0.19
IBM/App Connect Enterprise Certified Container
12.1.0 - 12.19.0
Published
Feb 05, 2026
Tracked Since
Feb 18, 2026