CVE-2025-27906
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-21
Assigner: IBM Corporation
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| ibm | content_navigator | 3.0.11 |
| ibm | content_navigator | 3.0.15 |
| ibm | content_navigator | 3.1.0 |
| ibm | content_navigator | 3.2.0 |
| apple | macos | * |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-548 | The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-27906 is described by IBM as a local file inclusion (LFI) vulnerability in IBM Content Navigator 3.0.11, 3.0.15, 3.1.0 and 3.2.0, but its classification (CWE-548) and its stated impact are those of a directory-listing exposure: by manipulating the application URL, an attacker can make the server return an index of the application's files and folders, viewable in a browser. The attacker cannot read, obtain or modify the contents of those files. [1]
How can this vulnerability impact me?
The directory structure of the IBM Content Navigator application can be exposed to an attacker without authentication or user interaction. File contents cannot be read or modified, but a listing of the application's files and folders is reconnaissance material: it reveals what is deployed and where (for example, file names that suggest configuration or backup copies), which helps an attacker plan further attacks against the server. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
First confirm the installed version: any instance running 3.0.11, 3.0.15, 3.1.0 or 3.2.0 without the corresponding interim fix should be treated as affected. Then check the application's URL paths over HTTP(S) and inspect the response body: a generated directory index (an HTML page listing file and folder names, typically with a "Parent Directory" link) in place of the expected application page indicates exposure. Use a GET request, for example 'curl -s http://<target>/path/'; 'curl -I' sends a HEAD request and returns headers only, so it cannot show whether a listing is being served. Resource [1] does not state the exact URL manipulation that triggers the listing, so this is a version check plus a listing check rather than a signature for one specific request. [1]
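The listing check described above, as an added example that is not code from IBM, BaseFortify or resource [1]: a POSIX shell helper that classifies a response body as a generated directory index and a probe function that fetches a URL with GET and reports the result. The marker strings, the /navigator/ placeholder path and the two sample bodies are assumptions and constructed inputs, not observed ICN output.

```shell
#!/bin/sh
# Added example (not IBM's or BaseFortify's code).
# Usage: ./probe.sh https://<icn-host>/navigator/ [more URLs...]
# The URL path is a placeholder; the marker list is an assumption.

# Strings that common servers put into auto-generated directory indexes
# (Apache/nginx "Index of /", Tomcat/Python "Directory listing for",
# IIS "[To Parent Directory]"). Assumed set; extend it for the server
# that fronts your ICN deployment.
LISTING_PATTERNS='<title>Index of |Index of /|Directory listing for|\[To Parent Directory\]|Parent Directory'

# Returns 0 when the body looks like a generated directory index, 1 otherwise.
looks_like_directory_listing() {
    printf '%s' "$1" | grep -Eqi "$LISTING_PATTERNS"
}

# Fetch one URL with GET (a HEAD request returns no body, so it cannot
# show a listing), then print LISTING, NO-LISTING or the HTTP status.
probe_directory() {
    url="$1"
    tmp="$(mktemp)"
    code="$(curl -sS -o "$tmp" -w '%{http_code}' --max-time 15 "$url" 2>/dev/null || echo 000)"
    body="$(cat "$tmp")"
    rm -f "$tmp"
    if [ "$code" = "200" ] && looks_like_directory_listing "$body"; then
        echo "LISTING $url"
    elif [ "$code" = "200" ]; then
        echo "NO-LISTING $url"
    else
        echo "HTTP $code $url"
    fi
}

# Constructed sample bodies so the classifier can be exercised offline.
SAMPLE_LISTING='<html><head><title>Index of /navigator/</title></head>
<body><h1>Index of /navigator/</h1><a href="../">Parent Directory</a>
<a href="WEB-INF/">WEB-INF/</a><a href="login.html">login.html</a></body></html>'
SAMPLE_NORMAL_PAGE='<html><head><title>IBM Content Navigator</title></head>
<body><form action="/navigator/j_security_check">...</form></body></html>'

# Stand-alone run: classify the samples, then probe any URLs given as arguments.
if looks_like_directory_listing "$SAMPLE_LISTING"; then
    echo "sample listing: detected"
fi
if looks_like_directory_listing "$SAMPLE_NORMAL_PAGE"; then
    echo "sample login page: false positive"
else
    echo "sample login page: clean"
fi
for target in "$@"; do
    probe_directory "$target"
done
```

A LISTING result on a path that should serve the application is a positive finding; NO-LISTING on one path does not clear the host, because the triggering URL manipulation is not given in [1], so probe the application root and its immediate subdirectories and keep the version check as the primary signal.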
What immediate steps should I take to mitigate this vulnerability?
Apply the IBM interim fix for the installed version of IBM Content Navigator: ICN 3.0.11-IF021 for 3.0.11, ICN 3.0.15-IF007 for 3.0.15, ICN 3.1.0-IF6 for 3.1.0, and ICN 3.2.0-IF1 for 3.2.0. IBM strongly recommends applying these fixes promptly, as no workarounds or other mitigations are available. After patching, re-request the same application paths you checked during detection to confirm that the server no longer returns a directory index. [1]