Permission Misconfiguration in IBM Aspera Faspex Affects User Access
CVE-2025-36228

3.8LOW

Key Information:

Vendor: IBM
Status: Aspera Faspex 5
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-36228?

IBM Aspera Faspex versions 5.0.0 through 5.0.14.1 exhibit a vulnerability related to inconsistent permissions between the user interface and backend API. This discrepancy may allow users to inadvertently access features that should be disabled, leading to potential misuse of the system. Organizations are advised to review their configurations and apply security patches to mitigate the risks associated with this issue.

Affected Version(s)

Aspera Faspex 5 5.0.0 <= 5.0.14.1

References

https://www.ibm.com/support/pages/node/7255331

vendor-advisorypatch

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Apr 15, 2025

JSON