CVE-2025-11034

Summary

A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
DiboData Decision Making System2.0affected
DiboData Decision Making System2.1affected
DiboData Decision Making System2.2affected
DiboData Decision Making System2.3affected
DiboData Decision Making System2.4affected
DiboData Decision Making System2.5affected
DiboData Decision Making System2.6affected
DiboData Decision Making System2.7.0affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References