CVE-2025-0162

High

Published: 07 March 2025

Published

07 March 2025

Modified

13 March 2025

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

EPSS Score 0.0008 23.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0162 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Ibm Aspera Shares. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly mitigates XXE by requiring validation of XML inputs to block external entity processing that enables sensitive information disclosure or memory exhaustion.

SI-2 Flaw Remediation good match

prevent

Requires timely flaw remediation through patching of the specific XXE vulnerability in IBM Aspera Shares as detailed in the vendor advisory.

CM-6 Configuration Settings good match

prevent

Enforces secure configuration settings for XML parsers within the system to disable external entity resolution and prevent XXE exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

Why these techniques?

XXE vulnerability in public-facing web application directly enables exploitation via T1190 and facilitates local file reading for sensitive data disclosure via T1005.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Deeper analysisAI

CVE-2025-0162 is an XML external entity injection (XXE) vulnerability, mapped to CWE-611, affecting IBM Aspera Shares versions 1.9.9 through 1.10.0 PL7. The issue arises when the software processes XML data, potentially allowing improper handling of external entities.

A remote authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation could enable the attacker to disclose sensitive information (C:H) or consume memory resources (A:L), with no integrity impact (I:N) and unchanged scope (S:U). The CVSS v3.1 base score is 7.1.

IBM's security advisory provides details on mitigation and patching; see https://www.ibm.com/support/pages/node/7185096.

Details

CWE(s): CWE-611

Affected Products

ibm

aspera shares

1.10.0 · 1.9.9 — 1.10.0

CVEs Like This One

CVE-2026-1567Same vendor: Ibm

CVE-2025-12531Same vendor: Ibm

CVE-2024-49352Same vendor: Ibm

CVE-2025-36247Same vendor: Ibm

CVE-2024-56340Same vendor: Ibm

CVE-2024-49781Same vendor: Ibm

CVE-2025-13096Same vendor: Ibm

CVE-2024-41771Same vendor: Ibm

CVE-2025-13616Same vendor: Ibm

CVE-2024-54171Same vendor: Ibm

References

https://www.ibm.com/support/pages/node/7185096
Vendor Advisory · psirt@us.ibm.com