>

CVE-2025-66484

medium

IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.5
cvss medium
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss 0.0002
exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.
kev no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1 Common Vulnerability Scoring System v3.1
5.5 / 10
MEDIUM
exploitability
Attack Vector
Network
Attack Vector (AV:N): exploitable remotely over the network — most dangerous. no physical or adjacent access needed.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
High
Privileges Required (PR:H): requires admin or highly privileged access.
User Interaction
None
User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.
impact
Scope
Changed
Scope (S:C): exploitation impacts resources beyond the vulnerable component.
Confidentiality
Low
Confidentiality (C:L): limited data exposure. some restricted information can be read.
Integrity
Low
Integrity (I:L): limited data modification. some data can be altered.
Availability
None
Availability (A:N): no availability impact.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
exploit detect attrib advisory media timeline
exploitation detection attribution advisories media timeline
rdintel assessment
22 threat composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

sign in to view full intelligence

pocs, detection rules, timeline, advisories, and more

sign in create account