CVE-2025-27906 MEDIUM

CVE-2025-27906: IBM Content Navigator information disclosure

Vendor Ibm
Product Content Navigator
Weakness CWE-548 · Directory listing
Published October 14, 2025
Last update October 14, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be read obtained or modified.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated