CVE-2025-13379 PUBLISHED

A SQL Injection vulnerability has been addressed in IBM Aspera Console

Assigner: ibm
Reserved: 18.11.2025 Published: 05.02.2026 Updated: 05.02.2026

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Score: 8.6

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	IBM
Product	Aspera Console
Versions	affected from 3.4.0 to 3.4.8 (incl.)

Solutions

IBM strongly recommends that customers upgrade to the latest version of IBM Aspera Console:

Product(s)Fixing VRMPlatformLink to FixIBM Aspera Console3.4.8 FP1

Windows Link https://www.ibm.com/support/fixcentral/swg/doSelectFixes IBM Aspera Console3.4.8 FP1

Linux Link https://www.ibm.com/support/fixcentral/swg/doSelectFixes IBM Aspera Console3.4.8 FP1

Multiplatform Link https://www.ibm.com/support/fixcentral/swg/doSelectFixes

References

https://www.ibm.com/support/pages/node/7259448

Problem Types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE