CVE-2025-0799

Published Feb 6, 2025

Last updated 13 days ago

CVSS medium 6.5

Overview

Description: IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
Source: psirt@us.ibm.com
NVD status: Analyzed
Products: app_connect_enterprise

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

psirt@us.ibm.com: CWE-22

Hype score: Not currently trending

CVE-2025-0799 IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system durin… https://t.co/rClUp4ZxBl
@CVEnew
6 Feb 2025
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26973E9A-2BCB-4627-A8E0-CAAF428E80A4",
            "versionEndIncluding": "12.0.12.10",
            "versionStartIncluding": "12.0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80905999-F0C6-41F6-B3FD-C7683CA95CA2",
            "versionEndIncluding": "13.0.2.1",
            "versionStartIncluding": "13.0.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References