Path Traversal Vulnerability in TMS Management Console by TMS Global Software
CVE-2025-69612

Currently unrated

Key Information:

Vendor: TMS Global Software
Status: TMS Management Console
Vendor: CVE Published:; 22 January 2026

🔔 Create TMS Global Software Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-69612?

A path traversal vulnerability has been identified in TMS Management Console, specifically in the 'Download Template' function within the profile dashboard. This flaw arises due to the application's failure to properly sanitize input received through the filePath parameter, allowing authenticated users to leverage directory traversal sequences such as '../'. Consequently, an attacker can read sensitive files on the server, including potentially critical configuration files like Web.config, posing significant risks to system integrity and confidentiality.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-69612
Created by Cr0wld3r

References

http://tms.com

https://tmsglobalsoft.com/

https://github.com/Cr0wld3r/CVE-2025-69612/blob/main/PoC.md

Timeline

🟡
Public PoC available
Jan 22, 2026
👾
Exploit known to exist
Jan 22, 2026
Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Jan 9, 2026

JSON