CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7263083	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:ibm:aspera_orchestrator:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

12 Mar 2026, 17:09

Type	Values Removed	Values Added
References	~~() https://www.ibm.com/support/pages/node/7263083 -~~	() https://www.ibm.com/support/pages/node/7263083 - Vendor Advisory
CPE		cpe:2.3:a:ibm:aspera_orchestrator:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*
First Time		Linux Ibm aspera Orchestrator Ibm Linux linux Kernel

11 Mar 2026, 13:53

Type	Values Removed	Values Added
Summary		(es) IBM Aspera Orchestrator 3.0.0 hasta 4.1.2 almacena información sensible en parámetros de URL. Esto puede llevar a la revelación de información si partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referrer o el historial del navegador.

10 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 20:16

Updated : 2026-03-12 17:09

NVD link : CVE-2025-13219

Mitre link : CVE-2025-13219

CVE.ORG link : CVE-2025-13219

JSON object : View

Products Affected

linux

linux_kernel

ibm

aspera_orchestrator

CWE

CWE-598

Use of GET Request Method With Sensitive Query Strings

{"id": "CVE-2025-13219", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-10T20:16:19.233", "references": [{"url": "https://www.ibm.com/support/pages/node/7263083", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-598"}]}], "descriptions": [{"lang": "en", "value": "IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history."}, {"lang": "es", "value": "IBM Aspera Orchestrator 3.0.0 hasta 4.1.2 almacena informaci\u00f3n sensible en par\u00e1metros de URL. Esto puede llevar a la revelaci\u00f3n de informaci\u00f3n si partes no autorizadas tienen acceso a las URL a trav\u00e9s de los registros del servidor, el encabezado referrer o el historial del navegador."}], "lastModified": "2026-03-12T17:09:01.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:aspera_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3C74FAB-D7CA-40CE-B806-903220497FD9", "versionEndExcluding": "4.1.3", "versionStartIncluding": "3.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}