CVE-2025-33136

High

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…

ibm·CWE-471·Published 2025-05-22

CVSS

8.8

EPSS

0.00

KEV

Exploits

Vendor statements (1)

ibm.com

cve.orgen

216 chars

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

NVDes

237 chars

IBM Aspera Faspex 5.0.0 a 5.0.12 podría permitir que un usuario autenticado obtenga información confidencial o realice acciones no autorizadas en nombre de otro usuario debido a la protección inadecuada de datos supuestamente inmutables.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Secondary	NVD	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N