Multiple Cisco Unified Vulnerabilities

May 23, 2025

Multiple Zoho ManageEngine Products Vulnerabilities

May 23, 2025

Multiple IBM Aspera Faspex Vulnerabilities

May 23, 2025

Severity

Medium

Analysis Summary

CVE-2025-33138 CVSS:5.4

IBM Aspera Faspex is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site to show malicious content and/or redirect users to a malicious URL.

CVE-2025-33137 CVSS:7.1

IBM Aspera Faspex could allow a remote authenticated attacker to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.

CVE-2025-33136 CVSS:7.1

IBM Aspera Faspex could allow a remote authenticated attacker to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2025-33138
CVE-2025-33137
CVE-2025-33136

Affected Vendors

Affected Products

IBM Aspera Faspex - 5.0.0
IBM Aspera Faspex - 5.0.12

Remediation

Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.

IBM Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Windows Vim Flaw Allows Arbitrary Code Execution

Hackers Exploit WordPress Plugin Flaw for Remote Code Execution

APT Group Gamaredon aka Shuckworm – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple Cisco Unified Vulnerabilities

Multiple Zoho ManageEngine Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation