Unrated severityNVD Advisory· Published Mar 10, 2026· Updated Mar 11, 2026

Multiple vulnerabilities in IBM Aspera Orchestrator

CVE-2025-13219

Description

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.

Affected products

IBM/Aspera Orchestratorv5
cpe:2.3:a:ibm:aspera_orchestrator:3.0.0:*:*:*:*:*:*:*
Range: 3.0.0
IBM/Aspera Orchestratorllm-fuzzy
Range: 3.0.0 through 4.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ibm.com/support/pages/node/7263083mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000