CVE-2025-69612

MEDIUM

Tmsglobalsoft Tms Management Console - Path Traversal

Title source: rule

Description

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

Exploits (1)

nomisec WRITEUP 1 stars

by Cr0wld3r · poc

https://github.com/Cr0wld3r/CVE-2025-69612

View Code ZIP pw:eip

References (3)

[Not Applicable] http://tms.com

[Third Party Advisory, Exploit] https://github.com/Cr0wld3r/CVE-2025-69612/blob/main/PoC.md

[Product] https://tmsglobalsoft.com/

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 28.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

tmsglobalsoft/tms_management_console < 6.3.7.27386.20250818

Published Jan 22, 2026

Tracked Since Feb 18, 2026