CVE-2025-13211
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-11

Last updated on: 2025-12-15

Assigner: IBM Corporation

Description
IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-11
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13211
EUVD
EUVD-2025-202870
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
ibm aspera_orchestrator From 4.0.0 (inc) to 4.1.1 (exc)
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 allows an authenticated user to cause a denial of service in the email service by improperly controlling the frequency of interactions.

Impact Analysis

The vulnerability can lead to a denial of service in the email service, potentially disrupting email communications and related operations within the affected IBM Aspera Orchestrator environment.

Mitigation Strategies

The provided resources do not include specific mitigation steps for CVE-2025-13211. However, since the vulnerability affects IBM Aspera Orchestrator versions 4.0.0 through 4.1.0, an immediate step would be to upgrade to a later version where the issue is fixed, similar to the approach taken for related vulnerabilities. IBM strongly recommends deploying updated versions to remediate vulnerabilities in Aspera Orchestrator.

Mitigation Strategies

IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 are vulnerable. To mitigate this vulnerability, upgrade to IBM Aspera Orchestrator version 4.1.1 or later, as this version addresses similar vulnerabilities and is strongly recommended by IBM. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart