{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27906", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-10T17:14:11.135Z", "datePublished": "2025-10-14T14:08:42.994Z", "dateUpdated": "2025-10-14T19:09:55.400Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Content Navigator", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.0.11"}, {"status": "affected", "version": "3.0.15"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-14T14:08:42.994Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247854"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h2>Remediation/Fixes</h2><p></p><div><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td><td>Fix</td></tr><tr><td>IBM Content Navigator</td><td>3.0.11</td><td>ICN 3.0.11-IF021</td></tr><tr><td>IBM Content Navigator</td><td>3.0.15</td><td>ICN 3.0.15-IF007</td></tr><tr><td>IBM Content Navigator</td><td>3.1.0</td><td>ICN 3.1.0-IF6</td></tr><tr><td>IBM Content Navigator</td><td>3.2.0</td><td>ICN 3.2.0-IF1</td></tr></tbody></table></div>\n\n<br>"}], "value": "Remediation/Fixes\n\nAffected Product(s)Version(s)FixIBM Content Navigator3.0.11ICN 3.0.11-IF021IBM Content Navigator3.0.15ICN 3.0.15-IF007IBM Content Navigator3.1.0ICN 3.1.0-IF6IBM Content Navigator3.2.0ICN 3.2.0-IF1"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Content Navigator information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T19:09:46.865547Z", "id": "CVE-2025-27906", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T19:09:55.400Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T19:09:46.865547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T19:09:51.376Z"}}], "cna": {"title": "IBM Content Navigator information disclosure", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.2.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Content Navigator", "versions": [{"status": "affected", "version": "3.0.11"}, {"status": "affected", "version": "3.0.15"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.2.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Remediation/Fixes\n\nAffected Product(s)Version(s)FixIBM Content Navigator3.0.11ICN 3.0.11-IF021IBM Content Navigator3.0.15ICN 3.0.15-IF007IBM Content Navigator3.1.0ICN 3.1.0-IF6IBM Content Navigator3.2.0ICN 3.2.0-IF1", "supportingMedia": [{"type": "text/html", "value": "<h2>Remediation/Fixes</h2><p></p><div><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td><td>Fix</td></tr><tr><td>IBM Content Navigator</td><td>3.0.11</td><td>ICN 3.0.11-IF021</td></tr><tr><td>IBM Content Navigator</td><td>3.0.15</td><td>ICN 3.0.15-IF007</td></tr><tr><td>IBM Content Navigator</td><td>3.1.0</td><td>ICN 3.1.0-IF6</td></tr><tr><td>IBM Content Navigator</td><td>3.2.0</td><td>ICN 3.2.0-IF1</td></tr></tbody></table></div>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7247854", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.", "supportingMedia": [{"type": "text/html", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-14T14:08:42.994Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27906", "state": "PUBLISHED", "dateUpdated": "2025-10-14T19:09:55.400Z", "dateReserved": "2025-03-10T17:14:11.135Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2025-10-14T14:08:42.994Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.11:-:*:*:*:*:*:*", "matchCriteriaId": "3E22B540-6596-4B59-A703-4BFD89946F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.0.15:-:*:*:*:*:*:*", "matchCriteriaId": "970464FB-088C-4325-8172-39DEC02B9AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "AF91A6FA-A5E4-4C15-AA11-A4D1CFBAF440", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:content_navigator:3.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "9EF33918-7F0E-4034-91F4-950D5D030FD3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "id": "CVE-2025-27906", "lastModified": "2025-10-21T14:31:09.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Primary"}]}, "published": "2025-10-14T15:16:08.483", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7247854"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-548"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}