CVE-2025-13148

Summary

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow could an authenticated user to change the password of another user without prior knowledge of that password.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Orchestrator4.0.0 <= 4.1.0affected

Weaknesses

  • CWE-620: CWE-620 Unverified Password Change

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References