← back
CVE-2025-33137

IBM Aspera Faspex data modification

CVSS 7.1 HIGHEPSS 0.3%CWE-602
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
22 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
IBM · Aspera Faspex

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.ibm.com/support/pages/node/7234114