CVE-2025-3356
Published: 30 October 2025
Summary
CVE-2025-3356 is a high-severity Path Traversal (CWE-22) vulnerability in IBM Tivoli Monitoring. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Information input validation directly prevents directory traversal attacks by checking and rejecting specially crafted URL requests containing '../' sequences.
Flaw remediation ensures the specific directory traversal vulnerability in IBM Tivoli Monitoring is identified and patched per the IBM advisory.
Boundary protection at external interfaces monitors and controls network traffic to block or detect malicious directory traversal requests.
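The input-validation check described above, as an added example (not IBM's code or the vendor fix): it resolves a request URL against a document root and rejects dot-dot segments, and it goes beyond the plain /../ case by also unmasking percent-encoded and backslash variants. `WEB_ROOT`, the function names and the sample URLs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/opt/example/webroot"  # assumed document root, not a real ITM path


def decode_fully(path, max_rounds=3):
    """Percent-decode until stable so double-encoded '%252e' is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    raise ValueError("too many encoding layers")


def safe_resolve(url, root=WEB_ROOT):
    """Return the canonical path under root, or raise ValueError."""
    path = decode_fully(urlsplit(url).path).replace("\\", "/")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    # Reject dot-dot segments outright instead of trying to clean them up.
    if ".." in path.split("/"):
        raise ValueError("dot-dot segment in path")
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Defence in depth: the canonical result must still sit under root.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError("path escapes document root")
    return candidate


def is_rejected(url):
    try:
        safe_resolve(url)
        return False
    except ValueError:
        return True


# Constructed sample requests (not taken from real traffic).
SAMPLES = [
    "/reports/q3.html",
    "/reports/a..b/notes.txt",  # dots inside a file name are legitimate
    "/reports/../../outside.txt",
    "/reports/%2e%2e/%2e%2e/outside.txt",
    "/reports/%252e%252e/outside.txt",
    "/reports/..%5c..%5coutside.txt",
]
```

Calling `is_rejected` on each entry of `SAMPLES` allows the first two requests and rejects the remaining four; the same function can be run over request paths pulled from access logs to flag traversal attempts.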
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal in public-facing IBM Tivoli Monitoring enables remote unauthenticated exploitation (T1190) for arbitrary file read/write (confidentiality/integrity impacts) and high availability disruption via file manipulation (T1499.004).
NVD Description
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Deeper analysis
CVE-2025-3356 is a directory traversal vulnerability (CWE-22) affecting IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21. It enables a remote attacker to access files outside the intended directory by sending a specially crafted URL request containing "dot dot" sequences (/../). The vulnerability has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H), rated as High severity due to its potential for significant impact.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to view arbitrary files for limited confidentiality loss, overwrite or append to arbitrary files for limited integrity impact, and potentially cause high availability disruption, such as denial of service through file manipulation.
IBM has published an advisory at https://www.ibm.com/support/pages/node/7249694 providing details on the vulnerability, affected versions, and recommended mitigations or patches. Security practitioners should consult this resource for specific remediation steps.
Details
- CWE(s)