Security Advisory

IBM Product Security Update Advisory

  • Sep 30 2025
IBM Product Security Update Advisory

Overview

 

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-36274, CVE-2025-47908

 

Aspera HTTP Gateway version: 2.0.0 and above 2.3.1 and below

 

 

Resolved Vulnerabilities

 

Vulnerability in IBM Aspera HTTP Gateway due to storing sensitive information in clear text (CVE-2025-36274)
Denial of service vulnerability due to excessive heap allocation in the ACRH header in middleware (CVE-2025-47908).

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-36274, CVE-2025-47908

 

Aspera HTTP Gateway version: 2.3.2

 

 

References

 

[1] Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway
https://www.ibm.com/support/pages/node/7246284

Tags:
Previous Post

Next Post