CVE-2025-36225
published 2025-10-09CVE-2025-36225: IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
IBM Aspera 5.0.0 through 5.0.13.1
could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aspera_faspex | >= 5.0.0 < 5.0.14 | 5.0.14 |
| ibm | aspera_faspex | 5.0.0 – 5.0.13.1 | — |
| msrc | cm1_openldap_2.4.57-2_on_cbl_mariner_1.0 | — | — |