CVE-2025-36225

CWE-203, CWE-415 | 4 documents | 4 sources
Severity: 4.3 MEDIUM
EPSS: 0.0% (top 91.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published Oct 9

Description

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD | ibm/aspera_faspex | 5.0.0 | 5.0.14
CVEListV5 | ibm/aspera_faspex | 5.0.0 | 5.0.13.1

🔴 Vulnerability Details (2)

GHSA: GHSA-j9vj-g2jh-wq6v: IBM Aspera 5 (2025-10-09)
CVEList: IBM Aspera Faspex information disclosure (2025-10-09)

📋 Vendor Advisories (1)

Microsoft: A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing resulting in denial of service. (2021-01-12)