CVE-2025-36228

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.

CVSS v3 3.8 LOW

3.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7255331	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-26 15:15

Updated : 2025-12-29 18:15

NVD link : CVE-2025-36228

Mitre link : CVE-2025-36228

CVE.ORG link : CVE-2025-36228

JSON object : View

Products Affected

ibm

aspera_faspex

CWE

CWE-279

Incorrect Execution-Assigned Permissions

3.8 /10