CVE-2025-36040: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex versions 5.0.0 through 5.0.12.1 contains a security vulnerability identified as CVE-2025-36040. The vulnerability was discovered and disclosed on July 30, 2025, affecting the authentication mechanisms of the software. This vulnerability could allow an authenticated user to perform unauthorized actions due to client-side enforcement of server-side security mechanisms (IBM Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. The weakness is categorized under CWE-613: Insufficient Session Expiration, indicating issues with session management and security control implementation (IBM Advisory).

When exploited, this vulnerability allows authenticated users to perform unauthorized actions within the system. The CVSS scoring indicates high impact on integrity (I:H) while confidentiality and availability remain unaffected (C:N, A:N) (IBM Advisory).

IBM has released version 5.0.13 of Aspera Faspex to address this vulnerability. The vendor strongly recommends upgrading to this version immediately. No alternative workarounds or mitigations are available (IBM Advisory).