Vulnerability Details CVE-2025-0799
IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.6%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-0799
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.1.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.10.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.11.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.11.1
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.11.2
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.11.3
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.1
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.10
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.2
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.3
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.4
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.5
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.6
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.7
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.8
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.12.9
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.2.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.3.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.4.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.5.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.6.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.7.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.8.0
-
cpe:2.3:a:ibm:app_connect_enterprise:12.0.9.0
-
cpe:2.3:a:ibm:app_connect_enterprise:13.0.1.0
-
cpe:2.3:a:ibm:app_connect_enterprise:13.0.2.1