What is the severity of CVE-2025-1993?

CVE-2025-1993 has a high severity rating due to the potential for unauthorized access to sensitive data.

How do I fix CVE-2025-1993?

To fix CVE-2025-1993, update your IBM App Connect Enterprise Certified Container to the latest version that addresses this vulnerability.

What versions of IBM products are affected by CVE-2025-1993?

CVE-2025-1993 affects IBM App Connect Enterprise Certified Container versions from 8.1 to 12.10 and related products within specific version ranges.

What are the potential impacts of CVE-2025-1993?

The potential impacts of CVE-2025-1993 include exposure of sensitive flow data and possible unauthorized access to the database.

How can I assess if CVE-2025-1993 impacts my system?

To assess if CVE-2025-1993 impacts your system, check the versions of your IBM App Connect products against the known affected versions.

Vulnerability/
CVE-2025-1993

medium

5.1

CWE

521

9/5/2025

CVE-2025-1993: IBM App Connect Enterprise Certified Container information disclosure

First published: Fri May 09 2025(Updated: )

BM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, 12.8, 12.9, and 12.10 DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM App Connect Enterprise	>=8.1<=12.10
IBM App Connect	<=CD: 8.1.0 - 11.6.0, 12.1.0 - 12.10.0 12.0 LTS: 12.0.0 - 12.0.10
IBM App Connect Enterprise	<=CD: 12.0.7.0-r4 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.2.2-r2 12.0 LTS: 12.0.12-r1 - 12.0.12-r10

Remedy

IBM strongly suggests the following: App Connect Enterprise Certified Container up to 12.10.0 (Continuous Delivery) Upgrade to App Connect Enterprise Certified Container Operator version 12.11.0 or higher, and ensure that all DesignerAuthoring components are at 13.0.3.0-r1 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/13.0?topic=releases-upgrading-operator http://www.ibm.com/docs/en/app-connect/13.0 App Connect Enterprise Certified Container 12.0 LTS (Long Term Support) Upgrade to App Connect Enterprise Certified Container Operator version 12.0.11 or higher, and ensure that all DesignerAuthoring components are at 12.0.12-r11 or higher. Documentation on the upgrade process is available at www.ibm.com/docs/en/app-connect/12.0?topic=umfpr-upgrading-operator-releases http://www.ibm.com/docs/en/app-connect/12.0

Never miss a vulnerability like this again

Reference Links

https://www.ibm.com/support/pages/node/7233054 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

IBM-7233054

Frequently Asked Questions

What is the severity of CVE-2025-1993?
CVE-2025-1993 has a high severity rating due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2025-1993?
To fix CVE-2025-1993, update your IBM App Connect Enterprise Certified Container to the latest version that addresses this vulnerability.
What versions of IBM products are affected by CVE-2025-1993?
CVE-2025-1993 affects IBM App Connect Enterprise Certified Container versions from 8.1 to 12.10 and related products within specific version ranges.
What are the potential impacts of CVE-2025-1993?
The potential impacts of CVE-2025-1993 include exposure of sensitive flow data and possible unauthorized access to the database.
How can I assess if CVE-2025-1993 impacts my system?
To assess if CVE-2025-1993 impacts your system, check the versions of your IBM App Connect products against the known affected versions.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/type
agent/remedy
agent/references
agent/guess-ai
agent/software-canonical-lookup
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/severity
agent/source
agent/author
agent/tags
agent/description
agent/event
vendor/ibm
canonical/ibm app connect enterprise
canonical/ibm app connect
version/ibm app connect/cd: 8.1.0 - 11.6.0, 12.1.0 - 12.10.0 12.0 lts: 12.0.0 - 12.0.10
version/ibm app connect enterprise/cd: 12.0.7.0-r4 - 12.0.12.5-r1, 13.0.1.0-r1 - 13.0.2.2-r2 12.0 lts: 12.0.12-r1 - 12.0.12-r10

Frequently Asked Questions

What is the severity of CVE-2025-1993?
CVE-2025-1993 has a high severity rating due to the potential for unauthorized access to sensitive data.
How do I fix CVE-2025-1993?
To fix CVE-2025-1993, update your IBM App Connect Enterprise Certified Container to the latest version that addresses this vulnerability.
What versions of IBM products are affected by CVE-2025-1993?
CVE-2025-1993 affects IBM App Connect Enterprise Certified Container versions from 8.1 to 12.10 and related products within specific version ranges.
What are the potential impacts of CVE-2025-1993?
The potential impacts of CVE-2025-1993 include exposure of sensitive flow data and possible unauthorized access to the database.
How can I assess if CVE-2025-1993 impacts my system?
To assess if CVE-2025-1993 impacts your system, check the versions of your IBM App Connect products against the known affected versions.

CVE-2025-1993: IBM App Connect Enterprise Certified Container information disclosure

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-1993?

How do I fix CVE-2025-1993?

What versions of IBM products are affected by CVE-2025-1993?

What are the potential impacts of CVE-2025-1993?

How can I assess if CVE-2025-1993 impacts my system?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2025-1993?

How do I fix CVE-2025-1993?

What versions of IBM products are affected by CVE-2025-1993?

What are the potential impacts of CVE-2025-1993?

How can I assess if CVE-2025-1993 impacts my system?