CVE-2025-3356CRITICAL 9.8EPSS p27.1%

CVE-2025-3356CVE-2025-3356

Description

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.35% probability of exploitation · percentile 27.1% · 2026-06-19T12:03:05Z
Published2025-10-30
Last modified2025-11-07

Underlying weaknesses· 1

CWE-22

References

  1. https://www.ibm.com/support/pages/node/7249694

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-3366
CVE
CVE-2025-36357
CVE
CVE-2025-3354
CVE
CVE-2025-3320
CVE
CVE-2025-3357
CVE
CVE-2025-13661
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.