HTTP Header Injection Vulnerability in IBM Aspera Orchestrator
CVE-2025-13213
5.4MEDIUM
What is CVE-2025-13213?
IBM Aspera Orchestrator versions 3.0.0 through 4.1.2 are susceptible to an HTTP header injection vulnerability due to insufficient validation of input within the HOST headers. This flaw can potentially enable attackers to execute various techniques such as cross-site scripting, cache poisoning, or session hijacking, posing significant risks to system integrity and user data safety.
Affected Version(s)
Aspera Orchestrator 3.0.0 <= 4.1.2