Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
IBM Aspera Orchestrator stores sensitive info in URLs
CVE-2025-13219
Summary
IBM Aspera Orchestrator versions 3.0.0 through 4.1.2 store sensitive information in URL parameters, which can be accessed by unauthorized parties through server logs, browser history, or referrer headers. This may put sensitive data at risk. Update to a fixed version to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | aspera_orchestrator | > 3.0.0 , <= 4.1.3 | – |
Original title
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, ...
Original description
IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
nvd CVSS3.1
5.9
Vulnerability type
CWE-598
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026