CVE-2025-13211
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-13211, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-11

Last updated on: 2025-12-15

Assigner: IBM Corporation

Description

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-11
Last Modified
2025-12-15
Generated
2026-07-06
AI Q&A
2025-12-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
ibm aspera_orchestrator From 4.0.0 (inc) to 4.1.1 (exc)
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 are vulnerable. To mitigate this vulnerability, upgrade to IBM Aspera Orchestrator version 4.1.1 or later, as this version addresses similar vulnerabilities and is strongly recommended by IBM. [1]

Executive Summary

This vulnerability in IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 allows an authenticated user to cause a denial of service in the email service by improperly controlling the frequency of interactions.

Impact Analysis

The vulnerability can lead to a denial of service in the email service, potentially disrupting email communications and related operations within the affected IBM Aspera Orchestrator environment.

Mitigation Strategies

The provided resources do not include specific mitigation steps for CVE-2025-13211. However, since the vulnerability affects IBM Aspera Orchestrator versions 4.0.0 through 4.1.0, an immediate step would be to upgrade to a later version where the issue is fixed, similar to the approach taken for related vulnerabilities. IBM strongly recommends deploying updated versions to remediate vulnerabilities in Aspera Orchestrator.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart