CVE-2025-33136

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
MAID
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
ibmCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
VendorProductVersion
ibmaspera_faspex
5.0.0 ≤
𝑥
< 5.0.12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.ibm.com/support/pages/node/7234114