What is CVE-2025-33136?

CVE-2025-33136 is a high-severity vulnerability in Ibm Aspera Faspex, classified under Modification of Assumed-Immutable Data (MAID). CVSS score: 7.1/10. Published 2025-05-22.

How severe is CVE-2025-33136?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Ibm Aspera Faspex

CVE-2025-33136

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

EPSS: 0.002 (43.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Ibm Aspera Faspex — versions 5.0.0

Weakness classification (CWE)

CWE-471 — Modification of Assumed-Immutable Data (MAID)

References

www.ibm.com/support/pages/node/7234114 (vendor-advisory, patch)

Frequently asked questions

What is CVE-2025-33136?: CVE-2025-33136 is a high-severity vulnerability in Ibm Aspera Faspex, classified under Modification of Assumed-Immutable Data (MAID). CVSS score: 7.1/10. Published 2025-05-22.
How severe is CVE-2025-33136?: High severity. CVSS v3 base score is 7.1 out of 10.