CVE-2025-36229 LOW

CVE-2025-36229: Exposure of Sensitive System Information to an Unauthorized Control Sphere in IBM Aspera Faspex

Vendor Ibm
Product Aspera Faspex 5
Weakness CWE-497
Published December 26, 2025
Last update December 26, 2025

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.

Key dates

02Disclosure timeline

December 26, 2025 CVE published
December 26, 2025 Record updated