CVE 8.8 HIGH

IBM Aspera Orchestrator Command Injection_CVE-2025-13481

December 11, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

AI Analysis

Command injection vulnerability in IBM Aspera Orchestrator 4.0.0 through 4.1.0 allowing authenticated users to execute arbitrary commands with elevated privileges

Basic Information

ID CVE-2025-13481

Source ibm

Published Dec 11, 2025 at 19:47

Affected Product

Vendor IBM

Product Aspera Orchestrator

Version 4.0.0

Affected Versions IBM Aspera Orchestrator 4.0.0

CWE Classification

CWE-78

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor IBM

Product Aspera Orchestrator

Version 4.0.0, 4.1.0

References

www.ibm.com /support/pages/node/7254434

{
    "lastseen": "",
    "description": "IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.",
    "published": "2025-12-11T19:47:10.233Z",
    "modified": "2025-12-11T19:47:10.233Z",
    "type": "cve",
    "title": "IBM Aspera Orchestrator Command Injection",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7254434",
    "id": "CVE-2025-13481",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "IBM Aspera Orchestrator 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aspera Orchestrator",
    "version": "4.0.0",
    "vendor": "IBM",
    "ai_description": "Command injection vulnerability in IBM Aspera Orchestrator 4.0.0 through 4.1.0 allowing authenticated users to execute arbitrary commands with elevated privileges",
    "ai_severity": "High",
    "ai_vendor": "IBM",
    "ai_product": "Aspera Orchestrator",
    "ai_version": "4.0.0, 4.1.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply