{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13491", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-11-20T21:11:07.402Z", "datePublished": "2026-02-05T13:55:21.838Z", "dateUpdated": "2026-02-05T14:46:23.152Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*"], "product": "App Connect Operator", "vendor": "IBM", "versions": [{"lessThanOrEqual": "11.6.0, 12.1.0 - 12.19.012.0", "status": "affected", "version": "CD:11.2.0", "versionType": "semver"}, {"status": "affected", "version": "LTS:12.0.0 - 12.0.19"}]}, {"cpes": ["cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*"], "product": "App Connect EnterpriseCertified Containers Operands", "vendor": "IBM", "versions": [{"lessThanOrEqual": "r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0", "status": "affected", "version": "CD:12.0.11.1", "versionType": "semver"}, {"status": "affected", "version": "LTS:12.0.12-r1 - 12.0.12-r19"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b>&nbsp; </b><span style=\"background-color: rgb(255, 255, 255);\">IBM App Connect Enterprise Certified Container&nbsp;up to 12.19.0 (Continuous Delivery) and&nbsp;<strong>12.0 LTS (Long Term Support)</strong> could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.</span><br>"}], "value": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-05T13:55:21.838Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7259746"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM strongly suggests the following:</p><p><strong>App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\">https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator</a></p><p><br><strong>App Connect Enterprise Certified Container 12.0 LTS (Long Term Support)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\">https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases</a></p><br>"}], "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases"}], "title": "IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p></p><div><p>Disable mapping assistance in the DesignerAuthoring component</p></div><br><p></p>"}], "value": "Disable mapping assistance in the DesignerAuthoring component"}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-05T14:46:00.445395Z", "id": "CVE-2025-13491", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:46:23.152Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-05T14:46:00.445395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T14:46:15.328Z"}}], "cna": {"title": "IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality []", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:app_connect_operator:cd:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:app_connect_operator:11.6.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "App Connect Operator", "versions": [{"status": "affected", "version": "CD:11.2.0", "versionType": "semver", "lessThanOrEqual": "11.6.0, 12.1.0 - 12.19.012.0"}, {"status": "affected", "version": "LTS:12.0.0 - 12.0.19"}]}, {"cpes": ["cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:cd:12.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:app_connect_enterprisecertified_containers_operands:r1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "App Connect EnterpriseCertified Containers Operands", "versions": [{"status": "affected", "version": "CD:12.0.11.1", "versionType": "semver", "lessThanOrEqual": "r1 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.6.0-r112.0"}, {"status": "affected", "version": "LTS:12.0.12-r1 - 12.0.12-r19"}]}], "solutions": [{"lang": "en", "value": "IBM strongly suggests the following:\n\nApp Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. \u00a0Documentation on the upgrade process is available at https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator \n\n\nApp Connect Enterprise Certified Container 12.0 LTS (Long Term Support)\n\nUpgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. \u00a0Documentation on the upgrade process is available at https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases", "supportingMedia": [{"type": "text/html", "value": "<p>IBM strongly suggests the following:</p><p><strong>App Connect Enterprise Certified Container up to 12.19.0 (Continuous Delivery)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.20.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.6.1-r1 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator\">https://www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator</a></p><p><br><strong>App Connect Enterprise Certified Container 12.0 LTS (Long Term Support)</strong></p><p>Upgrade to App Connect Enterprise Certified Container Operator version 12.0.20 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r20 or higher. &nbsp;Documentation on the upgrade process is available at <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases\">https://www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases</a></p><br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7259746", "tags": ["vendor-advisory", "patch"]}], "workarounds": [{"lang": "en", "value": "Disable mapping assistance in the DesignerAuthoring component", "supportingMedia": [{"type": "text/html", "value": "<p></p><div><p>Disable mapping assistance in the DesignerAuthoring component</p></div><br><p></p>", "base64": false}]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.", "supportingMedia": [{"type": "text/html", "value": "<b>&nbsp; </b><span style=\"background-color: rgb(255, 255, 255);\">IBM App Connect Enterprise Certified Container&nbsp;up to 12.19.0 (Continuous Delivery) and&nbsp;<strong>12.0 LTS (Long Term Support)</strong> could allow an attacker to access sensitive files or modify configurations due to an untrusted search path.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-02-05T13:55:21.838Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13491", "state": "PUBLISHED", "dateUpdated": "2026-02-05T14:46:23.152Z", "dateReserved": "2025-11-20T21:11:07.402Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-02-05T13:55:21.838Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "IBM App Connect Enterprise Certified Container\u00a0up to 12.19.0 (Continuous Delivery) and\u00a012.0 LTS (Long Term Support) could allow an attacker to access sensitive files or modify configurations due to an untrusted search path."}], "id": "CVE-2025-13491", "lastModified": "2026-02-05T14:57:20.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.5, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2026-02-05T14:16:03.940", "references": [{"source": "psirt@us.ibm.com", "url": "https://www.ibm.com/support/pages/node/7259746"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}