CVE-2025-33137

High

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on…

ibm·CWE-602·Published 2025-05-22

CVSS

8.8

EPSS

0.00

KEV

Exploits

Vendor statements (1)

ibm.com

cve.orgen

218 chars

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.

NVDes

252 chars

IBM Aspera Faspex 5.0.0 a 5.0.12 podría permitir que un usuario autenticado obtenga información confidencial o realice acciones no autorizadas en nombre de otro usuario debido a la aplicación de la seguridad del lado del servidor por parte del cliente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Secondary	NVD	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N