{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13916", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-12-02T18:42:50.665Z", "datePublished": "2026-04-01T20:46:05.855Z", "dateUpdated": "2026-04-02T14:00:16.600Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-01T20:46:19.519Z"}, "title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "type": "CWE"}]}], "affected": [{"vendor": "IBM", "product": "Aspera Shares", "versions": [{"status": "affected", "version": "1.9.9", "lessThanOrEqual": "1.11.0", "versionType": "semver"}], "cpes": ["cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information</p>"}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267848", "tags": ["vendor-advisory", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p><br></p><table><tbody><tr><td><strong>Product(s)</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Shares</td><td><div>1.11.1</div></td><td>Windows</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Aspera+Shares&amp;release=1.11.1&amp;platform=Windows&amp;function=all\" rel=\"nofollow\">click here</a></td></tr><tr><td>IBM Aspera Shares</td><td><div>1.11.1</div></td><td>Linux</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Aspera+Shares&amp;release=1.11.1&amp;platform=Linux&amp;function=all\" rel=\"nofollow\">click here</a></td></tr></tbody></table>"}]}], "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:00:00.694221Z", "id": "CVE-2025-13916", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:00:16.600Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T14:00:00.694221Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:00:06.628Z"}}], "cna": {"title": "Multiple vulnerabilities have been addressed in IBM Aspera Shares", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:aspera_shares:1.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:aspera_shares:1.11.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Aspera Shares", "versions": [{"status": "affected", "version": "1.9.9", "versionType": "semver", "lessThanOrEqual": "1.11.0"}]}], "solutions": [{"lang": "en", "value": "Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1\n\nWindows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1\n\nLinux click here https://www.ibm.com/support/fixcentral/swg/selectFixes", "supportingMedia": [{"type": "text/html", "value": "<p><br></p><table><tbody><tr><td><strong>Product(s)</strong></td><td><strong>Fixing VRM</strong></td><td><strong>Platform</strong></td><td><strong>Link to Fix</strong></td></tr><tr><td>IBM Aspera Shares</td><td><div>1.11.1</div></td><td>Windows</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Aspera+Shares&amp;release=1.11.1&amp;platform=Windows&amp;function=all\" rel=\"nofollow\">click here</a></td></tr><tr><td>IBM Aspera Shares</td><td><div>1.11.1</div></td><td>Linux</td><td><a href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Aspera+Shares&amp;release=1.11.1&amp;platform=Linux&amp;function=all\" rel=\"nofollow\">click here</a></td></tr></tbody></table>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7267848", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-04-01T20:46:19.519Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13916", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:00:16.600Z", "dateReserved": "2025-12-02T18:42:50.665Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-04-01T20:46:05.855Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:aspera_shares:*:*:*:*:*:*:*:*", "matchCriteriaId": "E91033A7-CCAD-49AB-814E-73898AC951E9", "versionEndExcluding": "1.11.1", "versionStartIncluding": "1.9.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information"}], "id": "CVE-2025-13916", "lastModified": "2026-04-06T16:49:10.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T21:16:56.803", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7267848"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.9.9,1.11.0]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Aspera Shares", "source": "cna", "vendor": "IBM"}, "product": "aspera_shares", "vendor": "ibm"}], "analysis": {"en": {"generated_at": "2026-04-06T21:52:15.181440+00:00", "value": {"mitigation_remediation": ["Update IBM Aspera Shares to version\u00a01.11.1 using the IBM Fix Central links provided for Windows and Linux."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is IBM Aspera Shares on both Windows and Linux operating systems. Impacted releases are 1.9.9, 1.10.x, and 1.11.0. The 1.11.1 release resolves the issue for both platforms, with update packages available through IBM\u2019s Fix Central for Windows and Linux. No other vendors or products are reported to be affected by this cryptographic weakness.", "description_and_impact": "IBM Aspera Shares versions 1.9.9 to 1.11.0 use cryptographic algorithms that are weaker than expected, allowing an attacker to decrypt data that is supposed to remain confidential. The weakness is reflected by the CWE\u2011327 identifier, which describes the inappropriate use of cryptographic primitives that have known vulnerabilities. As a result, confidential information transmitted or stored by the software could be exposed without authorization. The description makes no mention of a specific algorithm, but the impact is clearly the potential loss of confidentiality.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate severity vulnerability. The EPSS score of less than 1\u202f% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, implying no widespread exploitation has been documented. The likely attack vector would require an attacker who can access data encrypted by Aspera Shares or intercept that data in transit; however, no publicly available exploit technique is described in the advisory. The principal risk remains to the confidentiality of data, and it is mitigated once the software is updated to a version that uses robust cryptographic algorithms."}}}}, "created": "2026-04-02T07:47:31.125730+00:00", "updated": "2026-04-07T08:07:26.593750+00:00", "vendors": ["ibm", "ibm$PRODUCT$aspera_shares"]}