Path Traversal Vulnerability in TMS Management Console by TMS Global Software
CVE-2025-69612

6.5MEDIUM

Key Information:

Vendor: TMS Global Software
Status: TMS Management Console
Vendor: CVE Published:; 22 January 2026

🔔 Create TMS Global Software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-69612?

A path traversal vulnerability has been identified in TMS Management Console, specifically in the 'Download Template' function within the profile dashboard. This flaw arises due to the application's failure to properly sanitize input received through the filePath parameter, allowing authenticated users to leverage directory traversal sequences such as '../'. Consequently, an attacker can read sensitive files on the server, including potentially critical configuration files like Web.config, posing significant risks to system integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-69612
Created by Cr0wld3r

References

http://tms.com

https://tmsglobalsoft.com/

https://github.com/Cr0wld3r/CVE-2025-69612/blob/main/PoC.md

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 22, 2026
👾
Exploit known to exist
Jan 22, 2026
Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 9, 2026

JSON

TMS Global Software