CVE Catalog

CVE-2025-69612

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.89%

55th percentile - higher than 55% of all known CVEs

Summary

A path traversal vulnerability exists in TMS Management Console 6.3.7.27386.20250818 from TMS Global Software. The 'Download Template' function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

Risk Assessment

The risk involves potential leakage of sensitive configuration data (e.g., Web.config) by an authenticated user, which could lead to further attacks on the infrastructure.

Recommendation

Immediately update TMS Management Console to the latest version and implement file path validation in the Download Template function, blocking directory traversal sequences.

Original NVD description (English source)

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS