CVE-2025-13214
published 2025-12-11CVE-2025-13214: IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_orchestrator | >= 4.0.0 < 4.1.1 | 4.1.1 |
| ibm | aspera_orchestrator | 4.0.0 – 4.1.0 | — |