CVE-2025-66487
Rate Limiting Bypass in IBM Aspera Shares Causes Email Flooding
Publication date: 2026-04-01
Last updated on: 2026-04-03
Assigner: IBM Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | aspera_shares | From 1.9.9 (inc) to 1.11.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
IBM Aspera Shares versions 1.9.9 through 1.11.0 have a vulnerability where the system does not properly limit how often an authenticated user can send emails.
Because of this, a user could send a large number of emails in a short period, potentially overwhelming the email system.
How can this vulnerability impact me? :
This vulnerability could lead to email flooding, where the email system is overwhelmed by a high volume of emails sent by an authenticated user.
Such flooding could cause a denial of service, making the email functionality unavailable or degraded for legitimate users.