CVE-2025-36228 LOW

CVE-2025-36228: Incorrect Execution-Assigned Permissions in IBM Aspera Faspex

Vendor Ibm
Product Aspera Faspex 5
Weakness CWE-279
Published December 26, 2025
Last update December 26, 2025

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.

Key dates

02Disclosure timeline

December 26, 2025 CVE published
December 26, 2025 Record updated