CVE-2025-69612

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions TMS Management Console version 6.3.7.27386.20250818

Description A path traversal issue exists in the TMS Management Console. The "Download Template" function within the profile dashboard does not properly handle directory traversal sequences in the filePath parameter. This allows authenticated users to potentially read arbitrary files, such as the server's Web.config.

Recommendations Apply a fix to neutralize directory traversal sequences in the filePath parameter of the "Download Template" function.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-69612

Affected Products

Management Console

CVE-2025-69612

Weakness Enumeration

Related Identifiers

Affected Products

References · 6