IBM Product Security Update Advisory

Dec 15 2025

Overview

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-13481, CVE-2025-13148, CVE-2025-13214

IBM Aspera Orchestrator Versions: 4.0.0 and later and 4.1.0 and earlier

Resolved Vulnerabilities

Command injection vulnerability due to improper input validation in IBM Aspera Orchestrator (CVE-2025-13481)
Account takeover vulnerability due to unvalidated password changes in IBM Aspera Orchestrator (CVE-2025-13148)
SQL Injection Vulnerability in IBM Aspera Orchestrator (CVE-2025-13214)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-13481, CVE-2025-13148, CVE-2025-13214

IBM Aspera Orchestrator Version: 4.1.1

References

[1] Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
https://www.ibm.com/support/pages/node/7254434

IBM Product Security Update Advisory

Mozilla Product Security Update Advisory

Microsoft Edge browser (143.0.3650.80) version security update advisory

Tags:

Mozilla Product Security Update Advisory

Microsoft Edge browser (143.0.3650.80) version security update advisory