CVE-2025-36171Allocation of Resources Without Limits or Throttling in IBM Aspera Faspex

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 79.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Faspex
Timeline
PublishedOct 9

Description

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDibm/aspera_faspex5.0.05.0.14
CVEListV5ibm/aspera_faspex5.0.05.0.13.1

🔴Vulnerability Details

2
CVEList
IBM Aspera Faspex denial of service2025-10-09
GHSA
GHSA-cc88-pf3q-mxp4: IBM Aspera Faspex 52025-10-09
CVE-2025-36171 — IBM Aspera Faspex vulnerability | cvebase