CNNVD-202510-1287 Information

CNNVD ID

CNNVD-202510-1287

Related CVE

CVE-2025-36225

• CNNVD Published: 2025-10-09

Description (Chinese)

IBM Aspera是美国国际商业机器（IBM）公司的一套基于IBM FASP协议构建的快速文件传输和流解决方案。 IBM Aspera 5.0.0版本至5.0.13.1版本存在安全漏洞，该漏洞源于返回数据存在可观察差异，可能导致敏感用户信息泄露。

Description (English)

IBM Aspera is a fast-track file transfer and flow solution based on the IBM FASP protocol for the United States International Business Machine (IBM). There is a security gap between IBM Aspera versions 5.0.0 to 5.0.13.1, which stems from the observational differences in the return data, which may lead to the disclosure of sensitive user information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

国际商业机器

Published

2025-10-09

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7247502 https://access.redhat.com/security/cve/cve-2025-36225

Patch

https://www.ibm.com/support/pages/node/7247502