Denial of Service Vulnerability in IBM Aspera Orchestrator Software
CVE-2025-13211

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Aspera Orchestrator
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-13211?

IBM Aspera Orchestrator versions 4.0.0 through 4.1.0 have a vulnerability that allows an authenticated user to exploit improper control of interaction frequency, potentially leading to a denial of service condition affecting the email service. This flaw can disrupt normal operation and hinder communications reliant on the service, making it crucial for organizations using these software versions to apply necessary patches to mitigate risks.

Affected Version(s)

Aspera Orchestrator 4.0.0 <= 4.1.0

References

https://www.ibm.com/support/pages/node/7254434

vendor-advisorypatch

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Nov 14, 2025

JSON