CVE-2025-66484 is a stored cross-site scripting vulnerability found in IBM Aspera Shares versions 1.9.9 through 1.11.0. Stored XSS occurs when malicious JavaScript code is permanently stored on the target server, in this case within the web UI of Aspera Shares, and executed in the context of users accessing the interface. The vulnerability allows an authenticated user with high privileges to embed arbitrary JavaScript code, which can manipulate the web application’s behavior, potentially leading to unauthorized actions such as credential disclosure or session hijacking. The CVSS 3.1 vector indicates the attack can be performed remotely over the network (AV:N) with low complexity (AC:L), but requires privileges (PR:H) and no user interaction (UI:N). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the vulnerable component. The impact affects confidentiality and integrity but not availability. No patches or known exploits are currently published, but the vulnerability poses a risk to organizations relying on Aspera Shares for secure file sharing and collaboration. Attackers exploiting this flaw could steal session tokens or credentials, enabling further compromise within trusted environments.

The vulnerability can lead to unauthorized disclosure of user credentials and session tokens, enabling attackers to impersonate legitimate users or escalate privileges within the affected environment. This can result in unauthorized access to sensitive files and data shared via IBM Aspera Shares, potentially leading to data breaches, intellectual property theft, or disruption of business operations. Since the vulnerability requires high privileges to exploit, insider threats or compromised accounts pose a significant risk. The alteration of web UI functionality can also facilitate further attacks or social engineering within trusted sessions. Organizations in sectors such as media, finance, healthcare, and government that use Aspera Shares for secure file transfers are particularly at risk. The medium severity rating suggests a moderate but non-trivial impact, emphasizing the need for timely remediation to prevent exploitation.

1. Apply official patches or updates from IBM as soon as they become available for Aspera Shares versions 1.9.9 through 1.11.0. 2. Restrict access to the Aspera Shares web interface to trusted networks and users with the least privilege necessary to reduce exposure. 3. Implement web application firewalls (WAFs) with rules to detect and block common XSS attack patterns targeting the Aspera Shares UI. 4. Conduct regular security audits and code reviews focusing on input validation and output encoding in the web UI to prevent injection of malicious scripts. 5. Educate administrators and users about the risks of XSS and encourage vigilance for suspicious behavior or unexpected UI changes. 6. Monitor logs for unusual activities indicative of attempted or successful exploitation, such as anomalous JavaScript execution or credential access patterns. 7. Consider deploying Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the web interface. 8. Enforce multi-factor authentication (MFA) for all users accessing the Aspera Shares platform to limit the impact of credential theft.