CVE-2025-33004

IBM Planning Analytics Local path traversal

Description

IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.

Solution:

It is strongly recommended that you apply the most recent security updates: IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central

Link	Tags
https://www.ibm.com/support/pages/node/7235182	vendor advisory

What is the severity of CVE-2025-33004?: CVE-2025-33004 has been scored as a medium severity vulnerability.
How to fix CVE-2025-33004?: To fix CVE-2025-33004: It is strongly recommended that you apply the most recent security updates: IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1 IBM Planning Analytics Local 2.1.11 is now available for download from Fix Central IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.0 Download IBM Planning Analytics Local v2.0: Planning Analytics Workspace Release 104 from Fix Central
Is CVE-2025-33004 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-33004 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-33004?: CVE-2025-33004 affects IBM Planning Analytics Local.