CVE-2025-13925 - Vulnerability Details - OpenCVE

IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm Subscribe	Aspera Console Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Remediation/Fixes It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s) Fixing VRM Platform Link to Fix IBM Aspera Console 3.4.8 Windows Link IBM Aspera Console 3.4.8 Linux Link

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7256544

History

Tue, 20 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 20 Jan 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.
Title		Multiple vulnerabilities in IBM Aspera Console
First Time appeared		Ibm Ibm aspera Console
Weaknesses		CWE-532
CPEs		cpe:2.3:a:ibm:aspera_console:3.4.7:::::::*
Vendors & Products		Ibm Ibm aspera Console
References		https://www.ibm.com/support/pages/node/7256544
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2026-01-20T14:56:30.671Z

Updated: 2026-01-20T15:41:38.943Z

Reserved: 2025-12-02T20:53:59.750Z

Link: CVE-2025-13925

Vulnrichment

Updated: 2026-01-20T15:41:26.236Z

NVD

Status : Received

Published: 2026-01-20T15:16:13.983

Modified: 2026-01-20T15:16:13.983

Link: CVE-2025-13925

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-532

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13925", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-02T20:53:59.750Z", "datePublished": "2026-01-20T14:56:30.671Z", "dateUpdated": "2026-01-20T15:41:38.943Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_console:3.4.7:*:*:*:*:*:*:*"], "product": "Aspera Console", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.4.7"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.</p>"}], "value": "IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T14:56:30.671Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7256544"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Remediation/Fixes It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s) Fixing VRM Platform Link to Fix IBM Aspera Console 3.4.8 Windows Link IBM Aspera Console 3.4.8 Linux Link</p>"}], "value": "Remediation/Fixes It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s) Fixing VRM Platform Link to Fix IBM Aspera Console 3.4.8 Windows Link IBM Aspera Console 3.4.8 Linux Link"}], "title": "Multiple vulnerabilities in IBM Aspera Console", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T15:41:17.305057Z", "id": "CVE-2025-13925", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:41:38.943Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13925", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T15:41:17.305057Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:41:26.236Z"}}], "cna": {"title": "Multiple vulnerabilities in IBM Aspera Console", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_console:3.4.7:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Aspera Console", "versions": [{"status": "affected", "version": "3.4.7"}]}], "solutions": [{"lang": "en", "value": "Remediation/Fixes It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s) Fixing VRM Platform Link to Fix IBM Aspera Console 3.4.8 Windows Link IBM Aspera Console 3.4.8 Linux Link", "supportingMedia": [{"type": "text/html", "value": "<p>Remediation/Fixes It is strongly recommended that customers upgrade to the latest version of IBM Aspera Console: Product(s) Fixing VRM Platform Link to Fix IBM Aspera Console 3.4.8 Windows Link IBM Aspera Console 3.4.8 Linux Link</p>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7256544", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T14:56:30.671Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13925", "state": "PUBLISHED", "dateUpdated": "2026-01-20T15:41:38.943Z", "dateReserved": "2025-12-02T20:53:59.750Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-01-20T14:56:30.671Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}