CVE-2025-25048

CWE-233 documents3 sources
Severity
6.5 MEDIUM
EPSS
0.0%
top 88.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 4

Description

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | ibm/jazz_foundation | 7.0.2 | 7.0.2 iFix033 | +2
NVD | ibm/jazz_foundation | 7.0.2, 7.0.3, 7.1.0 | +2

Patches

Vulnerability Details (2)

CVEList: IBM Jazz Foundation path traversal (2025-09-04)
GHSA: GHSA-frpg-jh29-93cv: IBM Jazz Foundation 7 (2025-09-04)
CVE-2025-25048 (MEDIUM CVSS 6.5) | IBM Jazz Foundation 7.0.2 through 7 | cvebase.io