CVE-2025-36225 - Vulnerability Details - OpenCVE

IBM Aspera 5.0.0 through 5.0.13.1

could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Aspera Faspex

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below. ProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14 Linux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7247502

History

Thu, 09 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 09 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.
Title		IBM Aspera Faspex information disclosure
First Time appeared		Ibm Ibm aspera Faspex
Weaknesses		CWE-203
CPEs		cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:::::::* cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:::::::*
Vendors & Products		Ibm Ibm aspera Faspex
References		https://www.ibm.com/support/pages/node/7247502
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-09T13:56:19.270Z

Updated: 2025-10-09T14:43:28.382Z

Reserved: 2025-04-15T21:16:41.802Z

Link: CVE-2025-36225

Vulnrichment

Updated: 2025-10-09T14:43:25.283Z

NVD

Status : Awaiting Analysis

Published: 2025-10-09T14:15:54.913

Modified: 2025-10-09T15:50:04.013

Link: CVE-2025-36225

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-36225", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:41.802Z", "datePublished": "2025-10-09T13:56:19.270Z", "dateUpdated": "2025-10-09T14:43:28.382Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Aspera Faspex", "vendor": "IBM", "versions": [{"lessThanOrEqual": "5.0.13.1", "status": "affected", "version": "5.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Aspera 5<span style=\"background-color: rgb(255, 255, 255);\">.0.0 through 5.0.13.1 </span>\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."}], "value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-09T13:56:19.270Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247502"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.</div><p> </p><div><table><tbody><tr><td><strong>Product</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Faspex</td><td><div>5.0.14</div></td><td>Linux</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+Faspex+Server&release=All&platform=All&function=fixId&fixids=ibm-aspera-faspex-5.0.14.8861.x86_64&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">click here</a></td></tr></tbody></table></div><p> </p>\n\n<br>"}], "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Aspera Faspex information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-09T14:43:19.829682Z", "id": "CVE-2025-36225", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T14:43:28.382Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36225", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-09T14:43:19.829682Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T14:43:25.283Z"}}], "cna": {"title": "IBM Aspera Faspex information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_faspex:5.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_faspex:5.0.13.1:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Aspera Faspex", "versions": [{"status": "affected", "version": "5.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.13.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.\n\n\u00a0\n\nProductFixing VRMPlatformLink to FixIBM Aspera Faspex5.0.14\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/downloadFixes", "supportingMedia": [{"type": "text/html", "value": "<div>IBM strongly recommends addressing the vulnerabilities now by upgrading to Faspex 5.0.14 available from the link below.</div><p> </p><div><table><tbody><tr><td><strong>Product</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Faspex</td><td><div>5.0.14</div></td><td>Linux</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/IBM+Aspera+Faspex+Server&release=All&platform=All&function=fixId&fixids=ibm-aspera-faspex-5.0.14.8861.x86_64&includeRequisites=1&includeSupersedes=0&downloadMethod=http\">click here</a></td></tr></tbody></table></div><p> </p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7247502", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Aspera 5.0.0 through 5.0.13.1 \n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.", "supportingMedia": [{"type": "text/html", "value": "IBM Aspera 5<span style=\"background-color: rgb(255, 255, 255);\">.0.0 through 5.0.13.1 </span>\n\ncould disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-09T13:56:19.270Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36225", "state": "PUBLISHED", "dateUpdated": "2025-10-09T14:43:28.382Z", "dateReserved": "2025-04-15T21:16:41.802Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-10-09T13:56:19.270Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}