CVE-2025-36171: 
IBM Aspera Faspex vulnerability analysis and mitigation

IBM Aspera Faspex versions 5.0.0 through 5.0.13.1 contains a vulnerability that could allow a privileged user to cause a denial of service condition. The vulnerability was disclosed on October 9, 2025, and is tracked as CVE-2025-36171. The issue affects IBM Aspera Faspex installations on both Linux and Windows platforms (IBM Advisory).

The vulnerability stems from improperly validated API input that can lead to excessive resource consumption. It has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling) (NVD, IBM Advisory).

The vulnerability can result in a denial of service condition affecting the availability of the system. Since it requires high privileges to exploit, the impact is somewhat limited, but could still cause significant disruption to system availability. No impact on confidentiality or integrity has been reported (IBM Advisory).

IBM has released version 5.0.14 to address this vulnerability and strongly recommends upgrading to this version. The fix is available for both Linux and Windows platforms. No temporary workarounds have been provided by the vendor (IBM Advisory).