CVE-2025-36039: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex versions 5.0.0 through 5.0.12.1 contains a security vulnerability identified as CVE-2025-36039. The vulnerability was discovered and disclosed on July 30, 2025, affecting the client-side enforcement of server-side security mechanisms. This vulnerability impacts IBM Aspera Faspex installations running on Linux platforms (IBM Advisory).

The vulnerability is classified as CWE-602 (Client-Side Enforcement of Server-Side Security) with a CVSS v3.1 base score of 6.5 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

The vulnerability could allow an authenticated user to perform unauthorized actions within the system. The impact primarily affects the integrity of the system, with no direct impact on confidentiality or availability. The CVSS scoring indicates a high integrity impact, suggesting that authenticated users could potentially modify system data or operations in unauthorized ways (IBM Advisory).

IBM strongly recommends addressing the vulnerability by upgrading to Aspera Faspex version 5.0.13. The fix is available for Linux platforms through IBM's support portal. No alternative workarounds or mitigations have been provided by IBM (IBM Advisory).