CVE-2025-27906Exposure of Information Through Directory Listing in IBM Content Navigator

CWE-548Exposure of Information Through Directory Listing3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.0%
top 91.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Content Navigator
Timeline
PublishedOct 14

Description

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/content_navigator4 versions+3
NVDibm/content_navigator4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-3p7q-rqj4-rf3g: IBM Content Navigator 32025-10-14
CVEList
IBM Content Navigator information disclosure2025-10-14
CVE-2025-27906 — IBM Content Navigator vulnerability | cvebase