CVE-2025-13491 is a vulnerability identified in IBM App Connect Enterprise Certified Container editions spanning versions 11.2.0 through 11.6.0, 12.1.0 through 12.19.0, and the 12.0 LTS series 12.0.0 through 12.0.19. The root cause is an untrusted search path (CWE-426), a security weakness where the software improperly searches for executable files or configuration files in directories that are not securely controlled. This can allow an attacker with local access to the container host or environment to place malicious files or manipulate the search path, causing the application to load unintended executables or configurations. Such manipulation can lead to unauthorized disclosure or modification of sensitive data and configurations within the container environment. The vulnerability has a CVSS v3.1 base score of 5.1, indicating medium severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope is unchanged (S:U), and the impact affects confidentiality and integrity to a limited extent (C:L, I:L), with no impact on availability (A:N). No public exploits or active exploitation have been reported to date. The vulnerability highlights the importance of secure path handling in containerized enterprise middleware solutions, especially those widely deployed in critical business integration scenarios.

The vulnerability could allow a local attacker to gain unauthorized access to sensitive files or modify configuration settings within the IBM App Connect Enterprise container environment. This can compromise the confidentiality and integrity of data processed or stored by the containerized middleware, potentially leading to data leakage or unauthorized changes that affect business processes. While the attack requires local access, in environments where multiple users share container hosts or where container environments are not properly isolated, the risk increases. The lack of requirement for user interaction or privileges lowers the barrier for exploitation once local access is obtained. However, the absence of availability impact means system uptime is not directly threatened. Organizations relying on IBM App Connect Enterprise for critical integration tasks may face operational risks and compliance issues if this vulnerability is exploited.

To mitigate CVE-2025-13491, organizations should apply patches or updates from IBM as they become available. In the absence of patches, administrators should ensure that the container runtime environment enforces strict directory permissions and ownership to prevent unauthorized file placement in search paths. Employ container security best practices such as running containers with the least privilege, isolating container environments, and restricting local user access to container hosts. Regularly audit and monitor file system changes within container directories to detect suspicious activity. Additionally, implement application whitelisting or integrity verification mechanisms to ensure only trusted executables and configurations are loaded. Network segmentation and access controls can further reduce the risk by limiting who can gain local access to container hosts.