What is the CVSS score of CVE-2025-13459?

CVE-2025-13459 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of IBM are affected by CVE-2025-13459?

CVE-2025-13459 is a low-severity vulnerability (CVSS 2.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

How to fix or mitigate CVE-2025-13459?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

IBM CVE-2025-13459

EUVD-2025-208658 LOW

Improper Enforcement of Behavioral Workflow (CWE-841)

2026-03-13 ibm

Denial Of Service IBM

2.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Mar 17, 2026 - 15:49 nvd

Patch available

EUVD ID Assigned

Mar 13, 2026 - 21:01 euvd

EUVD-2025-208658

Analysis Generated

Mar 13, 2026 - 21:01 vuln.today

CVE Published

Mar 13, 2026 - 19:54 nvd

LOW 2.7

DescriptionNVD

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.

Analysis

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Enforcement of Behavioral Workflow (CWE-841).

RemediationAI

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

More from same product – last 7 days

CVE-2026-7524 CRITICAL Act Now

9.8 May 27

Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitr

CVE-2026-8175 CRITICAL Act Now

9.8 May 27

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Tra

CVE-2026-7876 CRITICAL Act Now

9.1 May 27

Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 throu

CVE-2026-5065 HIGH This Week

8.8 May 27

Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded

CVE-2026-8179 HIGH This Week

8.8 May 27

Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1)

CVE-2025-13459 vulnerability details – vuln.today

Back

IBM CVE-2025-13459

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code