CVSS 3.1 score: 5.4

IBM Aspera Faspex 5 allows attackers to inject malicious headers

CVE-2025-36227
Summary

IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.3 are vulnerable to HTTP header injection because input supplied in the Host header is not properly validated. An attacker could inject malicious values into the system's HTTP headers, potentially enabling cross-site scripting, cache poisoning or session hijacking. Update to a fixed version to protect against this risk.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
ibm | aspera_faspex | > 5.0.0, <= 5.0.15 |
Original title
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attac...
Original description
IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
NVD CVSS 3.1: 5.4
Vulnerability type
CWE-644
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026