Rewterz

Multiple Cisco Unified Vulnerabilities

May 23, 2025
Rewterz

Multiple Zoho ManageEngine Products Vulnerabilities

May 23, 2025

Multiple IBM Aspera Faspex Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-33138 CVSS:5.4

IBM Aspera Faspex is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site to show malicious content and/or redirect users to a malicious URL.

CVE-2025-33137 CVSS:7.1

IBM Aspera Faspex could allow a remote authenticated attacker to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.

CVE-2025-33136 CVSS:7.1

IBM Aspera Faspex could allow a remote authenticated attacker to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

Impact

  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-33138

  • CVE-2025-33137

  • CVE-2025-33136

Affected Vendors

  • IBM

Affected Products

  • IBM Aspera Faspex - 5.0.0
  • IBM Aspera Faspex - 5.0.12

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.