Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 22, 2026

CVE-2025-69612

Description

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users to read arbitrary files, such as the server's Web.config.

Affected products

TMS Global Software/Management Consoledescription
Avira/Management Consolellm-fuzzy
Range: = 6.3.7.27386.20250818

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tms.commitre
github.com/Cr0wld3r/CVE-2025-69612/blob/main/PoC.mdmitre
tmsglobalsoft.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000