SQL Injection Vulnerability in IBM Aspera Orchestrator
CVE-2025-13214

7.6HIGH

Key Information:

Vendor: IBM
Status: Aspera Orchestrator
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-13214?

IBM Aspera Orchestrator versions 4.0.0 to 4.1.0 are subject to a SQL injection vulnerability that can be exploited by remote attackers. By sending specially crafted SQL statements, attackers could gain unauthorized access to the database, allowing them to view, add, modify, or delete sensitive data stored in the back-end. Immediate action is recommended to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Aspera Orchestrator 4.0.0 <= 4.1.0

References

https://www.ibm.com/support/pages/node/7254434

vendor-advisorypatch

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Nov 14, 2025

JSON