CVE-2025-66484: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Published Mar 27, 2026
·Updated
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Other sources
IBM Aspera Shares is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
— IBM
Affected Software
2 affected components
IBM Aspera Shares<=1.9.9 - 1.11.0
IBM Aspera Shares>=1.9.9<1.11.1
Remediation
Information
Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1
Windows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1
Linux click here https://www.ibm.com/support/fixcentral/swg/selectFixes
Event History
Mar 27, 2026
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Apr 1, 2026
CVE Published
via MITRE·10:59 PM
Data Sourced
via MITRE·10:59 PM
RemedyDescriptionSeverity
Data Sourced
via NVD·11:17 PM
DescriptionSeverityWeaknessAffected Software