PT-2025-47590 · Basis · Basis Bbj

Published: 2025-11-20 · Updated: 2025-11-21 · CVE-2025-34320

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: BASIS BBj versions prior to 25.00

Description: BASIS BBj versions prior to 25.00 have a Jetty-served web endpoint that does not properly validate or canonicalize input path segments. This allows unauthenticated directory traversal, potentially enabling the reading of arbitrary system files accessible to the account running the service. Retrieved configuration artifacts may contain account credentials used for BBj Enterprise Manager, which could grant administrative access and allow the execution of system commands under the service account. Access to other sensitive files on the host, including operating system or application data, may also be possible, potentially exposing confidential information.

Recommendations: Update BASIS BBj to version 25.00 or later.

Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-34320

Affected Products: Basis Bbj