CVE-2025-27906

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

BM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

References

Link	Resource
https://www.ibm.com/support/pages/node/7247854	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:content_navigator:3.0.11:-::::::
	cpe:2.3:a:ibm:content_navigator:3.0.15:-::::::
	cpe:2.3:a:ibm:content_navigator:3.1.0:-::::::
	cpe:2.3:a:ibm:content_navigator:3.2.0:-::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Oct 2025, 14:31

Type	Values Removed	Values Added
First Time		Microsoft windows Microsoft Linux Apple Ibm Linux linux Kernel Ibm content Navigator Apple macos
References	~~() https://www.ibm.com/support/pages/node/7247854 -~~	() https://www.ibm.com/support/pages/node/7247854 - Vendor Advisory
CPE		cpe:2.3:a:ibm:content_navigator:3.0.11:-:::::: cpe:2.3:a:ibm:content_navigator:3.2.0:-:::::: cpe:2.3:a:ibm:content_navigator:3.1.0:-:::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:ibm:content_navigator:3.0.15:-::::::

14 Oct 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-14 15:16

Updated : 2025-10-21 14:31

NVD link : CVE-2025-27906

Mitre link : CVE-2025-27906

CVE.ORG link : CVE-2025-27906

JSON object : View

Products Affected

macos

linux_kernel

content_navigator

windows

CWE

CWE-548

Exposure of Information Through Directory Listing

{"id": "CVE-2025-27906", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-10-14T15:16:08.483", "references": [{"url": "https://www.ibm.com/support/pages/node/7247854", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-548"}]}], "descriptions": [{"lang": "en", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "lastModified": "2025-10-21T14:31:09.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E22B540-6596-4B59-A703-4BFD89946F8C"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970464FB-088C-4325-8172-39DEC02B9AF3"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.1.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF91A6FA-A5E4-4C15-AA11-A4D1CFBAF440"}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.2.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF33918-7F0E-4034-91F4-950D5D030FD3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}