Cyber Posture

CVE-2025-13916

Medium

Published: 01 April 2026

Modified: 06 April 2026
KEV Added
Patch
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0002 (4.7th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-13916 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM Aspera Shares. Its CVSS base score is 5.9 (Medium).

Operationally, it ranks at the 4.7th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Requires implementation of approved cryptographic mechanisms to protect confidentiality of sensitive information at rest and in transit, directly preventing exploitation of weak algorithms in IBM Aspera Shares.

prevent: Mandates prompt identification, reporting, and correction of flaws like the cryptographic weakness in IBM Aspera Shares versions 1.9.9 through 1.11.0 via patching or upgrades.

detect: Vulnerability scanning detects cryptographic weaknesses and known issues like CVE-2025-13916 in IBM Aspera Shares, enabling timely remediation.

MITRE ATT&CK Enterprise Techniques [AI]

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Deeper analysis [AI]

CVE-2025-13916 is a cryptographic weakness in IBM Aspera Shares versions 1.9.9 through 1.11.0, where the software uses weaker than expected cryptographic algorithms. This issue, mapped to CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), could enable an attacker to decrypt highly sensitive information. The vulnerability received a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting medium severity primarily due to high confidentiality impact.

A remote attacker can exploit this vulnerability over the network without requiring privileges or user interaction, though successful attacks demand high complexity. Exploitation allows the attacker to achieve high-impact confidentiality loss by decrypting highly sensitive information, with no effects on integrity or availability.

IBM provides details on mitigation in its security advisory at https://www.ibm.com/support/pages/node/7267848.

Details

CWE(s)

Affected Products

ibm
aspera shares
1.9.9 — 1.11.1

CVEs Like This One

CVE-2024-41763 · Same product: Linux Linux Kernel
CVE-2024-49779 · Same product: Linux Linux Kernel
CVE-2024-43178 · Same product: Linux Linux Kernel
CVE-2024-49781 · Same product: Linux Linux Kernel
CVE-2024-45643 · Same product: Linux Linux Kernel
CVE-2024-41766 · Same product: Linux Linux Kernel
CVE-2024-49782 · Same product: Linux Linux Kernel
CVE-2024-54171 · Same product: Linux Linux Kernel
CVE-2024-41767 · Same product: Linux Linux Kernel
CVE-2025-36258 · Same product: Linux Linux Kernel

References