CVE-2025-36225
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: IBM Corporation
Description
Description
IBM Aspera 5.0.0 through 5.0.13.1
could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | aspera_faspex | From 5.0.0 (inc) to 5.0.14 (exc) |
| microsoft | windows | * |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-203 | The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Aspera versions 5.0.0 through 5.0.13.1 allows an authenticated user to potentially access sensitive user information due to differences in the data returned by the system, which can be observed and exploited.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive user information to authenticated users, potentially compromising user privacy and data confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70