CVE-2025-33138

CWE-80CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 73.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Faspex
Timeline
PublishedMay 22

Description

IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDibm/aspera_faspex5.0.05.0.12.1
CVEListV5ibm/aspera_faspex5.0.05.0.12

🔴Vulnerability Details

2
GHSA
GHSA-26fm-jh3j-2ww5: IBM Aspera Faspex 52025-05-22
CVEList
IBM Aspera Faspex HTML injection2025-05-22
CVE-2025-33138 (MEDIUM CVSS 6.1) | IBM Aspera Faspex 5.0.0 through 5.0 | cvebase.io