CVE-2025-20059: PingAM Java Policy Agent path traversal

9.2 CVSS

Description

Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.

Classification

CVE ID: CVE-2025-20059

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N

Affected Products

Vendor: Ping Identity

Product: PingAM Java Policy Agent

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 17.15% (scored less or equal to compared to others)

EPSS Date: 2025-03-21 (when was this score calculated)

References

https://backstage.forgerock.com/knowledge/advisories/article/a61848355

Timeline

2025-02-21 00:25:35 UTC
CVE

PingAM Java Policy Agent path traversal