CVE-2025-36227

CWE-644CWE-8355 documents5 sources
Severity
5.4MEDIUM
EPSS
0.0%
top 91.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Aspera FaspexIBM Aspera Faspex 5
Timeline
PublishedMar 10

Description

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDibm/aspera_faspex5.0.05.0.15
CVEListV5ibm/aspera_faspex_55.0.05.0.14.3

🔴Vulnerability Details

2
GHSA
GHSA-4cv3-8w5r-6g5r: IBM Aspera Faspex 5 52026-03-10
CVEList
Multiple vulnerabilities in IBM Aspera Faspex2026-03-10

📋Vendor Advisories

1
Microsoft
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation resulting in denial of service.2021-01-12

🕵️Threat Intelligence

1
Wiz
CVE-2025-36227 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-36227 (MEDIUM CVSS 5.4) | IBM Aspera Faspex 5 5.0.0 through 5 | cvebase.io