CVE-2025-25048

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-25048
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7244014 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:jazz_foundation:7.0.2:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix008a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix013:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix014:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix016:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix017:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix018:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix020a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix021:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix022:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix023:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix024:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix025:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix026a:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix027:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix028:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix029:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix030:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix031:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix032:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.2:ifix033:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix002:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix003:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix004:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix005:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix006:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix007:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix008:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix009:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix010:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix011:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.0.3:ifix012:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix001:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_foundation:7.1.0:ifix002:*:*:*:*:*:*
History

No history.

Information

Published : 2025-09-04 15:15

Updated : 2026-01-09 02:31

NVD link : CVE-2025-25048

Mitre link : CVE-2025-25048

CVE.ORG link : CVE-2025-25048

JSON object : View

Products Affected

ibm

  • jazz_foundation
CWE
CWE-23

Relative Path Traversal