Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade IBM Aspera faspio Gateway from version 1.3.6 to version 1.3.7.

IBM has released version 1.3.7 as a fix for this vulnerability across multiple platforms including Windows, Linux (x86, PPC, zSeries), and Mac OSX.

No other workarounds or mitigations are provided other than applying the update.

Useful 0 Not Useful 0

Executive Summary

CVE-2025-14480 affects IBM Aspera faspio Gateway version 1.3.6 and is caused by the use of weaker than expected cryptographic algorithms, classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).

This weakness could allow an attacker with local access and high attack complexity to decrypt highly sensitive information without requiring privileges or user interaction.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to the decryption of highly sensitive information by an attacker who has local access to the system.

This compromises the confidentiality of sensitive data, although it does not affect the integrity or availability of the system.

Because the attack requires local access and has high attack complexity, the risk is somewhat limited but still significant for environments where sensitive data is handled.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

I don't know

Useful 0 Not Useful 0