← back
CVE-2025-0799

IBM App Connect Enterprise Arbitrary File Write

CVSS 6.5 MEDIUMEPSS 0.5%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
06 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N