CVE-2025-13379 – IBM Aspera Faspex Improper Access Control Vulnerability
“A security gap in IBM Aspera Faspex could allow attackers to bypass key access controls. If exploited, unauthorized users could interfere with secure enterprise file transfer operations.”
IBM released a security update addressing a vulnerability affecting IBM Aspera Faspex, a platform used for high-speed enterprise file transfers. The issue impacts how the application enforces access restrictions within certain service components. If left unpatched, the weakness could allow unauthorized users to interact with functions that should be restricted.
CVE-2025-13379 carries a CVSS v3.1 score of 8.6 (High). The vulnerability stems from improper access control validation within the Faspex application. Successful exploitation could allow attackers to bypass security checks and perform unauthorized actions that may affect file transfer operations or expose sensitive data handled by the platform.
IBM addressed the issue through security updates that strengthen authentication and access control enforcement within affected Faspex components. No verified real-world exploitation or confirmed public proof-of-concept code has been reported for this vulnerability.
Key Details
- Affected Product
- Foxit Pdf Editor Cloud
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- Required
- CWE Classification
- CWE-79