CVE-2025-36230

Description

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:* - VULNERABLE

IBM Aspera Faspex 5 5.0.0 - 5.0.14.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-36230
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-36230
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-36230/
[4] VulDB https://vuldb.com/cve/CVE-2025-36230
[5] https://www.ibm.com/support/pages/node/7255331

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-36230", "sourceIdentifier": "[email protected]", "published": "2025-12-26T15:15:46.830", "lastModified": "2025-12-29T17:42:46.707", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-80"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.14.2", "matchCriteriaId": "FC9C79B9-3E8B-472C-8399-9A8788B0E368"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7255331", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}