CVE-2025-33136 HIGH

CVE-2025-33136: IBM Aspera Faspex data modification

Vendor Ibm
Product Aspera Faspex
Weakness CWE-471
Published May 22, 2025
Last update August 26, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

Key dates

02Disclosure timeline

May 22, 2025 CVE published
August 26, 2025 Record updated