CVE-2025-66487: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Published Mar 27, 2026

Updated

IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

Other sources

IBM Aspera Shares does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service.

— IBM

Affected Software

2 affected components

IBM Aspera Shares<=1.9.9 - 1.11.0

IBM Aspera Shares>=1.9.9<1.11.1

Remediation

Information

Product(s)Fixing VRMPlatformLink to FixIBM Aspera Shares1.11.1 Windows click here https://www.ibm.com/support/fixcentral/swg/selectFixes IBM Aspera Shares1.11.1 Linux click here https://www.ibm.com/support/fixcentral/swg/selectFixes

Event History

Mar 27, 2026

CVE Published

via IBM·12:00 AM

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Apr 1, 2026

CVE Published

via MITRE·11:04 PM

Data Sourced

via MITRE·11:04 PM

RemedyDescriptionSeverityWeakness

Data Sourced

via NVD·11:17 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

IBM-7267848

CVE-2025-66487: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Other sources

Affected Software

Remediation

Information

Event History

Parent advisories

Don't miss critical vulnerabilities

Company

Resources

Contact