CVE-2025-25048
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Jazz Foundation | 7.0.2 <= 7.0.2 iFix033 | affected |
| IBM | Jazz Foundation | 7.0.3 <= 7.0.3 iFix012 | affected |
| IBM | Jazz Foundation | 7.1.0 <= 7.1.0 iFix002 | affected |
Weaknesses
- CWE-23: CWE-23 Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.