Skip to main content

Planning Analytics Local EUVDEUVD-2025-16573

| CVE-2025-33004 MEDIUM
Path Traversal (CWE-22)
2025-06-01 psirt@us.ibm.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 16:42 euvd
EUVD-2025-16573
Analysis Generated
Mar 14, 2026 - 16:42 vuln.today
CVE Published
Jun 01, 2025 - 12:15 nvd
MEDIUM 6.5

DescriptionCVE.org

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Analysis

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

CVE-2024-35143 CRITICAL
9.1 Aug 04

IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. Rated critical severity (CVSS 9.1), this vulnerab

CVE-2020-4367 HIGH
7.5 Jun 02

IBM Planning Analytics Local 2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decr

CVE-2026-1267 MEDIUM
6.5 Mar 17

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain an improper access control vulnerability (CWE-200) th

CVE-2025-33005 MEDIUM
6.3 Jun 01

IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated u

CVE-2020-4503 MEDIUM
6.1 Jun 02

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2020-4366 MEDIUM
6.1 Jun 02

IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2018-1676 MEDIUM
6.1 Jul 06

IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this

CVE-2025-14806 MEDIUM
5.7 Mar 17

IBM Planning Analytics Local versions 2.1.0 through 2.1.17 contain a cache poisoning vulnerability (CWE-524) where attac

CVE-2025-25044 MEDIUM
5.4 Jun 01

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticat

CVE-2024-31908 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4),

CVE-2024-31907 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

CVE-2024-31889 MEDIUM
5.4 May 31

IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this v

Share

EUVD-2025-16573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy