Security Advisory

CVE-2025-69612

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-22 00:00:00

Last updated 2026-01-22 17:10:30

Assigner mitre

State PUBLISHED

Description

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the servers Web.config.

← Browse all CVEs View on cve.org ↗