CVE-2025-0799: Path Traversal in IBM App Connect Enterprise

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 69.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 6

Description

IBM App Connect Enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: ibm/app_connect_enterprise, 12.0.1.0 to 12.0.12.10 (+1)
CVEListV5: ibm/ibm_app_connect_enterprise, 13.0.1.0 to 13.0.2.1 (+1)

🔴 Vulnerability Details (2)

GHSA: GHSA-mrmh-6jc5-mv8x: IBM App Connect enterprise 12 (2025-02-06)
CVEList: IBM App Connect Enterprise Arbitrary File Write (2025-02-06)

📋 Vendor Advisories (1)

Microsoft: LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701 allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fi (2023-02-14)