Security Vulnerability Report
CVE-2025-13925 CVSS 4.9 MEDIUM

CVE-2025-13925

Published: 2026-01-20 15:16:14
Last Modified: 2026-01-30 13:55:24

Description

IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:aspera_console:3.4.7:*:*:*:*:*:*:* - VULNERABLE
IBM Aspera Console 3.4.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
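# CVE-2025-13925 PoC - IBM Aspera Console Log Information Disclosure
# This PoC demonstrates the vulnerability where sensitive information is stored in log files
#
# The script only reads *.log files in a fixed list of directories and reports
# which credential-like patterns (CWE-532) they contain. It is a heuristic
# indicator for triage, not a version check: the affected release and the fix
# are described in the vendor advisory,
# https://www.ibm.com/support/pages/node/7256544
import os
import re
from pathlib import Path

_REDACTED = '<redacted>'


def _redact(match):
    """Return *match* with everything after its first '=', ':' or whitespace masked."""
    parts = re.split(r'([=:\s])', match, maxsplit=1)
    if len(parts) < 3:
        # No separator to keep a label from: mask the whole value.
        return _REDACTED
    return f"{parts[0]}{parts[1]}{_REDACTED}"


def _scan_log_file(log_file, compiled_patterns):
    """Return one finding dict per pattern that matches anywhere in *log_file*."""
    # NOTE: the file is read whole because the patterns use \s, which can span
    # a line break; very large logs will therefore be held in memory.
    with open(log_file, 'r', encoding='utf-8', errors='ignore') as f:
        content = f.read()

    file_findings = []
    for source, regex in compiled_patterns:
        hits = regex.findall(content)
        if hits:
            file_findings.append({
                'file': str(log_file),
                'pattern': source,
                'matches': hits
            })
    return file_findings


def check_aspera_console_logs():
    """
    Check for IBM Aspera Console log files that may contain sensitive information.
    This PoC simulates the vulnerability check for CVE-2025-13925

    Every ``*.log`` file directly inside the known log directories is searched
    (case-insensitively) for credential-like ``key=value`` / header patterns.

    Returns:
        list[dict]: one entry per (file, pattern) with hits, holding the keys
        ``'file'`` (str path), ``'pattern'`` (the regex source) and
        ``'matches'`` (list of matched strings).

    The returned ``'matches'`` hold the raw matched text, i.e. the secrets
    themselves; callers should not write them to tickets, CI output or other
    logs. The console report printed here masks the values for that reason.
    An empty result does not show the host is unaffected: the patterns are a
    small sample and rotated or compressed logs are not inspected.
    """
    # Common log locations for IBM Aspera Console
    log_paths = [
        '/var/log/aspera/console/',
        '/opt/aspera/console/logs/',
        'C:\\Program Files\\Aspera\\Console\\logs\\',
        os.path.expanduser('~/.aspera/console/logs/')
    ]

    # Sensitive patterns that should not appear in logs
    sensitive_patterns = [
        r'password[=:]\s*\S+',
        r'token[=:]\s*\S+',
        r'api[_-]?key[=:]\s*\S+',
        r'secret[=:]\s*\S+',
        r'Bearer\s+\S+',
        r'Authorization:\s*\S+',
        r'connection[_-]?string[=:]\s*\S+'
    ]
    # Compile once; the regex source is kept alongside for the report.
    compiled_patterns = [
        (source, re.compile(source, re.IGNORECASE))
        for source in sensitive_patterns
    ]

    findings = []

    for log_path in log_paths:
        # os.path.isdir returns False on stat errors, so an unreadable or
        # missing location is skipped instead of aborting the scan.
        if not os.path.isdir(log_path):
            continue
        try:
            log_files = sorted(Path(log_path).glob('*.log'))
        except OSError as e:
            print(f"Error listing {log_path}: {e}")
            continue

        for log_file in log_files:
            try:
                findings.extend(_scan_log_file(log_file, compiled_patterns))
            except OSError as e:
                # Unreadable file: report it and keep scanning the others.
                print(f"Error reading {log_file}: {e}")

    if findings:
        # A hit is an indicator to triage; it does not confirm the installed version.
        print("[!] Vulnerable: Sensitive information found in logs")
        for finding in findings:
            # Mask the values so the report does not copy the secrets into
            # terminal scrollback or captured job output.
            redacted = [_redact(m) for m in finding['matches']]
            print(f" File: {finding['file']}")
            print(f" Pattern: {finding['pattern']}")
            print(f" Matches: {redacted}")
    else:
        print("[+] No sensitive information detected in logs")

    return findings


if __name__ == '__main__':
    print("CVE-2025-13925 IBM Aspera Console Log Information Disclosure Check")
    print("=" * 70)
    check_aspera_console_logs()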

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13925", "sourceIdentifier": "[email protected]", "published": "2026-01-20T15:16:13.983", "lastModified": "2026-01-30T13:55:23.963", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user."}, {"lang": "es", "value": "IBM Aspera Console 3.4.7 almacena información potencialmente sensible en archivos de registro que podría ser leída por un usuario local privilegiado."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:aspera_console:3.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "82D4C647-F4F9-4BB4-A1CE-8F176D01AD68"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7256544", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}