Multiple vulnerabilities have been addressed in IBM Aspera Shares

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Basic Information

ID CVE-2025-66485

Source ibm

Published Apr 1, 2026 at 23:01

Modified Apr 2, 2026 at 18:10

Affected Product

Vendor IBM

Product Aspera Shares

Version 1.9.9

Affected Versions IBM Aspera Shares 1.9.9

CWE Classification

CWE-644

References

www.ibm.com /support/pages/node/7267848

{
    "lastseen": "",
    "description": "IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. \u00a0This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
    "published": "2026-04-01T23:01:47.211Z",
    "modified": "2026-04-02T18:10:25.437Z",
    "type": "cve",
    "title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7267848",
    "id": "CVE-2025-66485",
    "bulletinFamily": "",
    "cwe": [
        "CWE-644"
    ],
    "cvelist": null,
    "sourceData": "IBM Aspera Shares 1.9.9",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aspera Shares",
    "version": "1.9.9",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple vulnerabilities have been addressed in IBM Aspera Shares_CVE-2025-66485