CVE-2025-66485: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Published Mar 27, 2026
·Updated
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Other sources
IBM Aspera Shares is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
— IBM
Affected Software
2 affected components
IBM Aspera Shares<=1.9.9 - 1.11.0
IBM Aspera Shares>=1.9.9<1.11.1
Remediation
Information
Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1
Windows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1
Linux click here https://www.ibm.com/support/fixcentral/swg/selectFixes
Event History
Mar 27, 2026
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Apr 1, 2026
CVE Published
via MITRE·11:01 PM
Data Sourced
via MITRE·11:01 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·11:17 PM
DescriptionSeverityWeaknessAffected Software