CVE-2025-36227

Name of the Vulnerable Software and Affected Versions IBM Aspera Faspex 5 versions 5.0.0 through 5.0.14.3

Description The software is susceptible to HTTP header injection due to inadequate validation of input received through the HOST headers. This could enable an attacker to perform various attacks against the system, including cross-site scripting, cache poisoning, or session hijacking. The vulnerable component is the handling of the HOST header.

Recommendations Update to a version beyond 5.0.14.3.