What is CVE-2025-13219?

CVE-2025-13219 is a medium-severity vulnerability in Ibm Aspera Orchestrator, classified under CWE-598. CVSS score: 5.9/10. Published 2026-03-10.

How severe is CVE-2025-13219?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Ibm Aspera Orchestrator

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

EPSS: 0.000 (2.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Ibm Aspera Orchestrator — versions 3.0.0

Weakness classification (CWE)

CWE-598

References

www.ibm.com/support/pages/node/7263083 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-13219?: CVE-2025-13219 is a medium-severity vulnerability in Ibm Aspera Orchestrator, classified under CWE-598. CVSS score: 5.9/10. Published 2026-03-10.
How severe is CVE-2025-13219?: Medium severity. CVSS v3 base score is 5.9 out of 10.