CVE-2025-25048

Summary

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.

Affected Software

VendorProductVersion RangeStatus
IBMJazz Foundation7.0.2 <= 7.0.2 iFix033affected
IBMJazz Foundation7.0.3 <= 7.0.3 iFix012affected
IBMJazz Foundation7.1.0 <= 7.1.0 iFix002affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References