EUVD-2025-209172

CVE-2025-13916 (MEDIUM, CVSS 3.1 score 5.9)
2026-04-01, ibm, GHSA-4f66-hqm2-85m5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Apr 01, 2026 - 21:15 (euvd), EUVD-2025-209172
Analysis Generated: Apr 01, 2026 - 21:15 (vuln.today)
Patch Released: Apr 01, 2026 - 21:15 (nvd), Patch available
CVE Published: Apr 01, 2026 - 20:46 (nvd), MEDIUM 5.9

Description

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Analysis

IBM Aspera Shares versions 1.9.9 through 1.11.0 use cryptography of insufficient strength, which permits remote attackers without authentication to decrypt sensitive information. The vulnerability stems from the use of weaker-than-expected cryptographic algorithms and results in a confidentiality breach of data protected by the application. A vendor patch is available.

Technical Context

This vulnerability is rooted in CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), indicating that IBM Aspera Shares relies on cryptographic functions with reduced security margins. Rather than a complete cryptographic failure, the implementation uses algorithms or key strengths below industry expectations for the sensitivity of data being protected. The Aspera file transfer platform handles large-scale data movement and typically manages business-critical or confidential information, making cryptographic strength a core security requirement. The vulnerability affects the data encryption layer that protects information in transit or at rest within the affected versions.

Affected Products

IBM Aspera Shares versions 1.9.9 through 1.11.0 are affected, as identified by CPE cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*. Versions prior to 1.9.9 and versions after 1.11.0 are not impacted by this specific cryptographic weakness. Organizations running Aspera Shares within the affected range should prioritize assessment and remediation.

Remediation

Upgrade IBM Aspera Shares to a version beyond 1.11.0 where the cryptographic algorithms have been strengthened. Consult the vendor advisory at https://www.ibm.com/support/pages/node/7267848 for the exact patched version designation and deployment guidance. If an immediate upgrade is not feasible, review network access controls to restrict Aspera Shares endpoints to trusted networks, and implement additional encryption layers (such as VPN or TLS hardening) to reduce the attack surface. Do not delay patching, as the vulnerability allows remote decryption of sensitive data without authentication.

Priority Score

Score: 30
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0
