anonhaven
Ad

CVE-2025-66484

MEDIUM CVSS 3.1: 5.4 EPSS 0.03%
Updated Apr 03, 2026
IBM
Parameter Value
CVSS 5.4 (MEDIUM)
Affected Versions 1.9.9 — 1.11.1
Fixed In 1.11.1
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor IBM
Public PoC No

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Ibm Aspera_Shares
cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*
 1.9.9 1.11.1

References 1

https://www.ibm.com/support/pages/node/7267848
psirt@us.ibm.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1243

IBM

5.4

CVE-2025-66487

IBM

6.5

CVE-2025-66486

IBM

6.1

CVE-2025-66485

IBM

5.4

CVE-2025-66483

IBM

6.3