CVE-2025-13219 MEDIUM

CVE-2025-13219: Multiple vulnerabilities in IBM Aspera Orchestrator

Vendor Ibm
Product Aspera Orchestrator
Weakness CWE-598
Published March 10, 2026
Last update March 11, 2026

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 11, 2026 Record updated