Aspera Orchestrator
CVE-2025-13219
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
AnalysisAI
Aspera Orchestrator versions up to 4.1.2 contains a vulnerability that allows attackers to information disclosure if unauthorized parties have access to the URLs via serve (CVSS 5.9).
Technical ContextAI
exists in the URL component. IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Aspera Orchestrator
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today