CVE-2025-36274
📋 TL;DR
IBM Aspera HTTP Gateway versions 2.0.0 through 2.3.1 store sensitive information in plain text files that can be accessed by unauthenticated users. This allows attackers to read credentials, tokens, or other sensitive data without authentication. Organizations using these vulnerable versions of IBM Aspera HTTP Gateway are affected.
💻 Affected Systems
- IBM Aspera HTTP Gateway
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain administrative credentials, compromise the entire Aspera deployment, exfiltrate sensitive data, and pivot to other systems.
Likely Case
Attackers harvest credentials or tokens to gain unauthorized access to Aspera file transfers and potentially access sensitive files.
If Mitigated
Limited exposure if files are protected by additional access controls or network segmentation prevents external access.
🎯 Exploit Status
Exploitation requires only file read access to known or discoverable file paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.2 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7246284
Restart Required: Yes
Instructions:
1. Download IBM Aspera HTTP Gateway version 2.3.2 or later from IBM Fix Central.
2. Back up configuration files.
3. Install the update following IBM's installation guide.
4. Restart the Aspera HTTP Gateway service.
🔧 Temporary Workarounds
Restrict file system permissions
Linux: Apply strict file permissions to sensitive configuration files to prevent unauthorized read access.
chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/files
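A way to confirm that the permission workaround above actually holds, as an added example (not IBM's tooling and not part of the original page): it lists files under a directory that still carry group/other permission bits or are not owned by the expected account. The function names and the directory argument are assumptions, since the page does not name the actual file locations; pass a different owner as the second argument if the gateway does not run as root.

```shell
#!/bin/sh
# Added example: audit the "chmod 600 / chown root:root" workaround.
# Uses only POSIX sh and find. The directory is supplied by the operator;
# the page does not name the gateway's actual file locations.

# audit_scan DIR OWNER
# Prints "<reason><TAB><path>" per finding. A file that fails both checks
# is listed twice, once per reason.
audit_scan() {
    # Check 1: any group/other permission bit set, i.e. broader than 600.
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec sh -c 'for f; do printf "group-or-world-access\t%s\n" "$f"; done' sh {} +
    # Check 2: owner is not the expected account (name or numeric uid).
    find "$1" -type f ! -user "$2" \
        -exec sh -c 'for f; do printf "unexpected-owner\t%s\n" "$f"; done' sh {} +
}

# audit_sensitive_files DIR [OWNER]   (OWNER defaults to root)
# Returns 0 when clean, 1 when there are findings, 2 on a bad directory.
audit_sensitive_files() {
    audit_dir=$1
    audit_owner=${2:-root}
    if [ ! -d "$audit_dir" ]; then
        echo "not a directory: $audit_dir" >&2
        return 2
    fi
    audit_out=$(audit_scan "$audit_dir" "$audit_owner")
    if [ -z "$audit_out" ]; then
        return 0
    fi
    printf '%s\n' "$audit_out"
    return 1
}

# Example call (placeholder path from the commands above):
#   audit_sensitive_files /path/to/sensitive/files root
```

A non-zero return makes the function usable as a scheduled check that alerts when permissions drift after an upgrade or configuration change.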
Network segmentation
All platforms: Place Aspera HTTP Gateway behind firewall rules that restrict access to trusted IP addresses only.
🧯 If You Can't Patch
- Remove internet-facing exposure by placing the service behind VPN or strict firewall rules.
- Implement additional monitoring and alerting for unauthorized file access attempts.
🔍 How to Verify
Check if Vulnerable:
Check the installed version via the Aspera administration interface or configuration files. If the version is between 2.0.0 and 2.3.1 inclusive, the system is vulnerable.
Check Version:
Check the version in the Aspera HTTP Gateway admin interface or configuration files.
Verify Fix Applied:
Verify the version is 2.3.2 or later and test that sensitive files are no longer readable by unauthenticated users.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns to configuration files
- Failed authentication attempts followed by successful file reads
Network Indicators:
- HTTP requests to known configuration file paths from unauthorized sources
SIEM Query:
source="aspera_logs" AND (file_access="*.conf" OR file_access="*.cfg") AND user="unauthenticated"