IBM API Connect: Critical Security Flaw Allows Remote Access

IBM has disclosed details about a critical security flaw in its API Connect product that could allow remote attackers to gain unauthorized access to the application.

Vulnerability Details

The vulnerability, identified as CVE-2025-13915, has received a score of 9.8 out of 10.0 in the CVSS rating system, classifying it as critical. It is described as an authentication bypass failure. IBM has stated in a bulletin that “IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.” ...

December 31, 2025 · Comfidentia

Critical Vulnerability in Mattermost Allows Account Takeover (CVE-2025-12421)

Mattermost Critical Vulnerability Summary

A default configuration in Mattermost, an open source collaboration platform used by enterprises and government agencies, exposes deployments to critical Account Takeover risk. The vulnerability, identified as CVE-2025-12421, allows an attacker, via a single request, to hijack any user account on the system.

Technical Details of CVE-2025-12421

The flaw lies in Mattermost’s authentication flow, specifically its handling of switching between different authentication methods (such as email/password to OAuth). The problem is in the /users/login/sso/code-exchange endpoint. ...

November 27, 2025 · Comfidentia