Home

Description

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.

PUBLISHED Reserved 2025-02-01 | Published 2025-09-04 | Updated 2025-09-04 | Assigner ibm




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Problem types

CWE-23 Relative Path Traversal

Product status

Default status
unaffected

7.0.2 (semver)
affected

7.0.3 (semver)
affected

7.1.0 (semver)
affected

References

www.ibm.com/support/pages/node/7244014 vendor-advisory patch

cve.org (CVE-2025-25048)

nvd.nist.gov (CVE-2025-25048)

Download JSON