CVE-2025-13219 | THREATINT

Description

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

PUBLISHED Reserved 2025-11-14 | Published 2026-03-10 | Updated 2026-03-11 | Assigner ibm

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-598 Use of GET Request Method With Sensitive Query Strings

Product status

3.0.0 (semver)

affected

References

www.ibm.com/support/pages/node/7263083 vendor-advisory patch

cve.org (CVE-2025-13219)

nvd.nist.gov (CVE-2025-13219)

Download JSON