CVE-2025-66487
Multiple vulnerabilities have been addressed in IBM Aspera Shares
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 2.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
01 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Affected products
IBM · Aspera SharesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →