CVE-2025-14480
Awaiting Analysis Awaiting Analysis - Queue

Weak Cryptography in IBM Aspera faspio Gateway 1.3.6 Enables Data Decryption

Vulnerability report for CVE-2025-14480, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-03

Last updated on: 2026-03-05

Assigner: IBM Corporation

Description

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-03
Last Modified
2026-03-05
Generated
2026-07-06
AI Q&A
2026-03-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ibm aspera_faspio_gateway 1.3.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade IBM Aspera faspio Gateway from version 1.3.6 to version 1.3.7.

IBM has released version 1.3.7 as a fix for this vulnerability across multiple platforms including Windows, Linux (x86, PPC, zSeries), and Mac OSX.

No other workarounds or mitigations are provided other than applying the update.

Executive Summary

CVE-2025-14480 affects IBM Aspera faspio Gateway version 1.3.6 and is caused by the use of weaker than expected cryptographic algorithms, classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).

This weakness could allow an attacker with local access and high attack complexity to decrypt highly sensitive information without requiring privileges or user interaction.

Impact Analysis

The vulnerability can lead to the decryption of highly sensitive information by an attacker who has local access to the system.

This compromises the confidentiality of sensitive data, although it does not affect the integrity or availability of the system.

Because the attack requires local access and has high attack complexity, the risk is somewhat limited but still significant for environments where sensitive data is handled.

Compliance Impact

I don't know

Detection Guidance

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14480. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart