CVE-2025-0279: HCL Traveler is affected by generation of error messages containing sensitive information
First published: Thu Apr 03 2025(Updated: )
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and potentially launch targeted attacks.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Notes Traveler |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-0279?
CVE-2025-0279 has been classified as a medium severity vulnerability.
How can I fix CVE-2025-0279?
To remediate CVE-2025-0279, ensure that error messages do not disclose sensitive information by adjusting logging configurations.
What systems are affected by CVE-2025-0279?
CVE-2025-0279 affects HCL Traveler software.
What kind of information is exposed in CVE-2025-0279?
CVE-2025-0279 exposes detailed error messages that may include internal paths, file names, sensitive tokens, and error codes.
Can CVE-2025-0279 be exploited by attackers?
Yes, attackers could exploit the information leaked by CVE-2025-0279 to gain insights into the system's architecture.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/severity
- agent/author
- agent/tags
- agent/event
- vendor/hcl
- canonical/ibm notes traveler