CVE-2025-36039

Severity
6.5 MEDIUM
EPSS
0.0%
top 89.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 31

Description

IBM Aspera Faspex 5.0.0 through 5.0.12.1 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5 | ibm/aspera_faspex | 5.0.0 through 5.0.12.1
NVD | ibm/aspera_faspex | 5.0.0 through 5.0.12.1

🔴Vulnerability Details

2
GHSA
GHSA-jhrh-wrwc-j5hr: IBM Aspera Faspex 5 (2025-07-31)
CVEList
IBM Aspera Faspex bypass security (2025-07-30)

📋Vendor Advisories

1
Microsoft
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. (2024-05-14)