CVE-2025-36171 - Vulnerability Details - OpenCVE

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Aspera Faspex

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. ProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14 Linux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7247502

History

Thu, 09 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 09 Oct 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.
Title		IBM Aspera Faspex denial of service
First Time appeared		Ibm Ibm aspera Faspex
Weaknesses		CWE-770
CPEs		cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:::::::* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:::::::*
Vendors & Products		Ibm Ibm aspera Faspex
References		https://www.ibm.com/support/pages/node/7247502
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-09T13:57:51.884Z

Updated: 2025-10-09T14:15:08.708Z

Reserved: 2025-04-15T21:16:22.577Z

Link: CVE-2025-36171

Vulnrichment

Updated: 2025-10-09T14:15:05.293Z

NVD

Status : Awaiting Analysis

Published: 2025-10-09T14:15:54.747

Modified: 2025-10-09T15:50:04.013

Link: CVE-2025-36171

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36171", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:22.577Z", "datePublished": "2025-10-09T13:57:51.884Z", "dateUpdated": "2025-10-09T14:15:08.708Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Aspera Faspex", "vendor": "IBM", "versions": [{"lessThanOrEqual": "5.0.13.1", "status": "affected", "version": "5.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."}], "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-09T13:57:51.884Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247502"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.</div><p> </p><div><table><tbody><tr><td><strong>Product</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Faspex</td><td><div>5.0.14</div></td><td>Linux</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+Faspex+Server&release=All&platform=All&function=fixId&fixids=ibm-aspera-faspex-5.0.14.8861.x86_64&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">click here</a></td></tr></tbody></table></div><p> </p>\n\n<br>"}], "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Aspera Faspex denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-09T14:15:01.801005Z", "id": "CVE-2025-36171", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T14:15:08.708Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36171", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-09T14:15:01.801005Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T14:15:05.293Z"}}], "cna": {"title": "IBM Aspera Faspex denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Aspera Faspex", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.13.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "value": "<div>IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.</div><p> </p><div><table><tbody><tr><td><strong>Product</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Faspex</td><td><div>5.0.14</div></td><td>Linux</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+Faspex+Server&release=All&platform=All&function=fixId&fixids=ibm-aspera-faspex-5.0.14.8861.x86_64&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">click here</a></td></tr></tbody></table></div><p> </p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7247502", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1\u00a0could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.", "supportingMedia": [{"type": "text/html", "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-09T13:57:51.884Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36171", "state": "PUBLISHED", "dateUpdated": "2025-10-09T14:15:08.708Z", "dateReserved": "2025-04-15T21:16:22.577Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-10-09T13:57:51.884Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}