CVE-2025-66486: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Published Mar 27, 2026
·Updated
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
Other sources
IBM Aspera Shares is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
— IBM
Affected Software
2 affected components
IBM Aspera Shares<=1.9.9 - 1.11.0
IBM Aspera Shares>=1.9.9<1.11.1
Remediation
Information
Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1
Windows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1
Linux click here https://www.ibm.com/support/fixcentral/swg/selectFixes
Event History
Mar 27, 2026
CVE Published
via IBM·12:00 AM
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Apr 1, 2026
CVE Published
via MITRE·11:03 PM
Data Sourced
via MITRE·11:03 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·11:17 PM
DescriptionSeverityWeaknessAffected Software