Home

Description

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

PUBLISHED Reserved 2025-11-20 | Published 2025-12-11 | Updated 2025-12-11 | Assigner ibm




HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

4.0.0 (semver)
affected

References

www.ibm.com/support/pages/node/7254434 vendor-advisory patch

cve.org (CVE-2025-13481)

nvd.nist.gov (CVE-2025-13481)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.