Zero Day MonitorZDM

← Back to list

5.4

CVE-2025-66485EXPLOITEDPATCHED

ibm · aspera shares

Multiple vulnerabilities have been addressed in IBM Aspera Shares

Description

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Affected Products

Vendor	Product	Versions
ibm	aspera shares	1.9.9

References

https://www.ibm.com/support/pages/node/7267848(vendor-advisory, patch)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2025-66485 | IBM Aspera Shares up to 1.11.0 HTTP Header http headers for scripting syntax

→ No new info (linked only)

CVSS 3.15.4 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.ibm.com/support/pages/node/7267848

CWECWE-644

PublishedApr 1, 2026

Last enriched4h agov2

Tags

CVE-2025-66485

Trending Score49

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2025-36375EXP

IBM DataPower Gateway vulnerable to CSRF

CRITICALCVE-2026-1345EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CRITICALCVE-2026-4101EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

HIGHCVE-2026-1491EXP

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

MEDIUMCVE-2025-36373

Incorrect administrative access control in IBM DataPower Gateway

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Actively Exploited

Apr 1, 2026

Patch Available

Apr 1, 2026

Updated: severity, activelyExploited, tags

Apr 2, 2026

Version History

v2

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.

severityactivelyExploitedtags

via VulDB

v16h ago

Initial creation