CVE-2025-0799

📊 6.5 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Feb 6, 2025

📋 Status: Analyzed

IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

2 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	ibm	app connect enterprise	≥ 12.0.1.0 ∧ ≤ 12.0.12.10	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise::::::::
📱App	ibm	app connect enterprise	≥ 13.0.1.0 ∧ ≤ 13.0.2.1	Vulnerable	cpe:2.3:a:ibm:app_connect_enterprise::::::::

📱

ibm / app connect enterprise

Application

Vulnerable

Version: ≥ 12.0.1.0 ∧ ≤ 12.0.12.10

CPE:

cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

📱

ibm / app connect enterprise

Application

Vulnerable

Version: ≥ 13.0.1.0 ∧ ≤ 13.0.2.1

CPE:

cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*

Metrics

6.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

NONE

Integrity:

HIGH

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.1% (Minimal)16.8th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Feb 6, 2025 (9 months ago)

Last Modified

Aug 12, 2025 (2 months ago)

Security Weaknesses1

CWE-22

References2

NVDgeneral