CVE-2025-33137 HIGH

CVE-2025-33137: IBM Aspera Faspex data modification

Vendor Ibm
Product Aspera Faspex
Weakness CWE-602 · Client-side enforcement
Published May 22, 2025
Last update August 26, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.

Key dates

02Disclosure timeline

May 22, 2025 CVE published
August 26, 2025 Record updated