CVE-2025-33137

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
References
Link Resource
https://www.ibm.com/support/pages/node/7234114 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

30 May 2025, 01:19

Type Values Removed Values Added
CWE NVD-CWE-Other
First Time Linux linux Kernel
Linux
Ibm aspera Faspex
Ibm
CPE cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References () https://www.ibm.com/support/pages/node/7234114 - () https://www.ibm.com/support/pages/node/7234114 - Vendor Advisory

23 May 2025, 15:55

Type Values Removed Values Added
Summary
  • (es) IBM Aspera Faspex 5.0.0 a 5.0.12 podría permitir que un usuario autenticado obtenga información confidencial o realice acciones no autorizadas en nombre de otro usuario debido a la aplicación de la seguridad del lado del servidor por parte del cliente.

22 May 2025, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-22 17:15

Updated : 2025-05-30 01:19


NVD link : CVE-2025-33137

Mitre link : CVE-2025-33137

CVE.ORG link : CVE-2025-33137


JSON object : View

Products Affected

ibm

  • aspera_faspex

linux

  • linux_kernel
CWE
CWE-602

Client-Side Enforcement of Server-Side Security

NVD-CWE-Other