CVE-2025-69612
MediumCVSS 6.5Exploitation Probability (EPSS)
Elevated risk55th percentile - higher than 55% of all known CVEs
Summary
A path traversal vulnerability exists in TMS Management Console 6.3.7.27386.20250818 from TMS Global Software. The 'Download Template' function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.
Risk Assessment
The risk involves potential leakage of sensitive configuration data (e.g., Web.config) by an authenticated user, which could lead to further attacks on the infrastructure.
Recommendation
Immediately update TMS Management Console to the latest version and implement file path validation in the Download Template function, blocking directory traversal sequences.
Original NVD description (English source)
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

