{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0278", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-01-06T16:01:35.708Z", "datePublished": "2025-04-03T22:07:59.761Z", "dateUpdated": "2025-04-04T18:32:44.020Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL Traveler", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "<=14.0.0.1"}]}], "datePublic": "2025-04-03T21:58:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.</span><br>"}], "value": "HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-04-04T03:52:03.504Z"}, "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120335"}], "source": {"discovery": "UNKNOWN"}, "title": "An internal path disclosure vulnerability affects HCL Traveler", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-04T18:31:59.494988Z", "id": "CVE-2025-0278", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:32:44.020Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0278", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-04T18:31:59.494988Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-04T18:32:39.191Z"}}], "cna": {"title": "An internal path disclosure vulnerability affects HCL Traveler", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL Software", "product": "HCL Traveler", "versions": [{"status": "affected", "version": "<=14.0.0.1"}], "defaultStatus": "unaffected"}], "datePublic": "2025-04-03T21:58:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120335"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2025-04-04T03:52:03.504Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0278", "state": "PUBLISHED", "dateUpdated": "2025-04-04T18:32:44.020Z", "dateReserved": "2025-01-06T16:01:35.708Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2025-04-03T22:07:59.761Z", "assignerShortName": "HCL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:traveler:*:*:*:*:*:*:*:*", "matchCriteriaId": "88054BA7-F9D1-41E4-AEA8-D362CEB4A4CC", "versionEndIncluding": "14.0.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests."}, {"lang": "es", "value": "HCL Traveler se ve afectado por una divulgaci\u00f3n de ruta interna en una aplicaci\u00f3n de Windows cuando la aplicaci\u00f3n revela inadvertidamente rutas de archivos internas, en mensajes de error, registros de depuraci\u00f3n o respuestas a solicitudes de usuario."}], "id": "CVE-2025-0278", "lastModified": "2025-10-10T16:47:30.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2025-04-03T22:15:16.563", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0120335"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{}