CVE-2025-20059

CRITICAL

PingAM Java Policy Agent <5.10.3-2024.9 - Path Traversal

Title source: llm

Description

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.

References (1)

[Various Sources] https://backstage.forgerock.com/knowledge/advisories/article/a61848355

Scores

CVSS v3 9.1

EPSS 0.0102

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-23

Status published

Products (3)

Ping Identity/PingAM Java Policy Agent < 2023.11.1

Ping Identity/PingAM Java Policy Agent < 2024.9

Ping Identity/PingAM Java Policy Agent < 5.10.3

Published Feb 20, 2025

Tracked Since Feb 18, 2026