CVE-2025-27906 - Vulnerability Details - OpenCVE

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Content Navigator

No data.

No data.

No data.

References

Link	Providers
https://www.ibm.com/support/pages/node/7247854

History

Tue, 14 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 14 Oct 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.
Title		IBM Content Navigator information disclosure
First Time appeared		Ibm Ibm content Navigator
Weaknesses		CWE-548
CPEs		cpe:2.3:a:ibm:content_navigator:3.0.11:::::::* cpe:2.3:a:ibm:content_navigator:3.0.15:::::::* cpe:2.3:a:ibm:content_navigator:3.1.0:::::::* cpe:2.3:a:ibm:content_navigator:3.2.0:::::::*
Vendors & Products		Ibm Ibm content Navigator
References		https://www.ibm.com/support/pages/node/7247854
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-14T14:08:42.994Z

Updated: 2025-10-14T19:09:55.400Z

Reserved: 2025-03-10T17:14:11.135Z

Link: CVE-2025-27906

Vulnrichment

Updated: 2025-10-14T19:09:51.376Z

NVD

Status : Awaiting Analysis

Published: 2025-10-14T15:16:08.483

Modified: 2025-10-14T19:36:29.240

Link: CVE-2025-27906

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27906", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-10T17:14:11.135Z", "datePublished": "2025-10-14T14:08:42.994Z", "dateUpdated": "2025-10-14T19:09:55.400Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Content Navigator", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.0.11"}, {"status": "affected", "version": "3.0.15"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-14T14:08:42.994Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247854"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h2>Remediation/Fixes</h2><p></p><div><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td><td>Fix</td></tr><tr><td>IBM Content Navigator</td><td>3.0.11</td><td>ICN 3.0.11-IF021</td></tr><tr><td>IBM Content Navigator</td><td>3.0.15</td><td>ICN 3.0.15-IF007</td></tr><tr><td>IBM Content Navigator</td><td>3.1.0</td><td>ICN 3.1.0-IF6</td></tr><tr><td>IBM Content Navigator</td><td>3.2.0</td><td>ICN 3.2.0-IF1</td></tr></tbody></table></div>\n\n<br>"}], "value": "Remediation/Fixes\n\nAffected Product(s)Version(s)FixIBM Content Navigator3.0.11ICN 3.0.11-IF021IBM Content Navigator3.0.15ICN 3.0.15-IF007IBM Content Navigator3.1.0ICN 3.1.0-IF6IBM Content Navigator3.2.0ICN 3.2.0-IF1"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Content Navigator information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T19:09:46.865547Z", "id": "CVE-2025-27906", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T19:09:55.400Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27906", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-10T17:14:11.135Z", "datePublished": "2025-10-14T14:08:42.994Z", "dateUpdated": "2025-10-14T19:09:55.400Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:content_navigator:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:content_navigator:3.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Content Navigator", "vendor": "IBM", "versions": [{"status": "affected", "version": "3.0.11"}, {"status": "affected", "version": "3.0.15"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.2.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "value": "IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-548", "description": "CWE-548 Exposure of Information Through Directory Listing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-14T14:08:42.994Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247854"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h2>Remediation/Fixes</h2><p></p><div><table><tbody><tr><td>Affected Product(s)</td><td>Version(s)</td><td>Fix</td></tr><tr><td>IBM Content Navigator</td><td>3.0.11</td><td>ICN 3.0.11-IF021</td></tr><tr><td>IBM Content Navigator</td><td>3.0.15</td><td>ICN 3.0.15-IF007</td></tr><tr><td>IBM Content Navigator</td><td>3.1.0</td><td>ICN 3.1.0-IF6</td></tr><tr><td>IBM Content Navigator</td><td>3.2.0</td><td>ICN 3.2.0-IF1</td></tr></tbody></table></div>\n\n<br>"}], "value": "Remediation/Fixes\n\nAffected Product(s)Version(s)FixIBM Content Navigator3.0.11ICN 3.0.11-IF021IBM Content Navigator3.0.15ICN 3.0.15-IF007IBM Content Navigator3.1.0ICN 3.1.0-IF6IBM Content Navigator3.2.0ICN 3.2.0-IF1"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Content Navigator information disclosure", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T19:09:46.865547Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T19:09:51.376Z"}}]}}