CVE-2025-27906

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7247854	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:content_navigator:3.0.11:-::::::
	cpe:2.3:a:ibm:content_navigator:3.0.15:-::::::
	cpe:2.3:a:ibm:content_navigator:3.1.0:-::::::
	cpe:2.3:a:ibm:content_navigator:3.2.0:-::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2025-10-14 15:16

Updated : 2025-10-21 14:31

NVD link : CVE-2025-27906

Mitre link : CVE-2025-27906

CVE.ORG link : CVE-2025-27906

JSON object : View

Products Affected

ibm

content_navigator

linux

linux_kernel

microsoft

windows

apple

macos

CWE

CWE-548

Exposure of Information Through Directory Listing

{"id": "CVE-2025-27906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-10-14T15:16:08.483", "references": [{"url": "https://www.ibm.com/support/pages/node/7247854", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "lastModified": "2025-10-21T14:31:09.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E22B540-6596-4B59-A703-4BFD89946F8C"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970464FB-088C-4325-8172-39DEC02B9AF3"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF91A6FA-A5E4-4C15-AA11-A4D1CFBAF440"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF33918-7F0E-4034-91F4-950D5D030FD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}