CVE-2025-66483

CWE-613Insufficient Session Expiration3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 92.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Aspera Shares
Timeline
PublishedApr 1
Latest updateApr 2

Description

IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5ibm/aspera_shares1.9.91.11.0
NVDibm/aspera_shares1.9.91.11.0

🔴Vulnerability Details

2
GHSA
GHSA-4rp7-5w2x-wwvh: IBM Aspera Shares 12026-04-02
CVEList
Multiple vulnerabilities have been addressed in IBM Aspera Shares2026-04-01
CVE-2025-66483 (MEDIUM CVSS 6.5) | IBM Aspera Shares 1.9.9 through 1.1 | cvebase.io