CVE-2025-36228

Summary

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.

Affected Software

VendorProductVersion RangeStatus
IBMAspera Faspex 55.0.0 <= 5.0.14.1affected

Weaknesses

  • CWE-279: CWE-279 Incorrect Execution-Assigned Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References