CVE-2025-13211
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-15
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | aspera_orchestrator | From 4.0.0 (inc) to 4.1.1 (exc) |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 allows an authenticated user to cause a denial of service in the email service by improperly controlling the frequency of interactions.
How can this vulnerability impact me? :
The vulnerability can lead to a denial of service in the email service, potentially disrupting email communications and related operations within the affected IBM Aspera Orchestrator environment.
What immediate steps should I take to mitigate this vulnerability?
The provided resources do not include specific mitigation steps for CVE-2025-13211. However, since the vulnerability affects IBM Aspera Orchestrator versions 4.0.0 through 4.1.0, an immediate step would be to upgrade to a later version where the issue is fixed, similar to the approach taken for related vulnerabilities. IBM strongly recommends deploying updated versions to remediate vulnerabilities in Aspera Orchestrator.
What immediate steps should I take to mitigate this vulnerability?
IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 are vulnerable. To mitigate this vulnerability, upgrade to IBM Aspera Orchestrator version 4.1.1 or later, as this version addresses similar vulnerabilities and is strongly recommended by IBM. [1]