CVE-2025-67030

CVE Details

Release Date:2026-03-25
Impact:Important What is this?

Description


Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

See more information about CVE-2025-67030 from MITRE CVE dictionary and NIST NVD


NOTE: The following CVSS metrics and score provided are preliminary and subject to review.


CVSS v3 metrics

Base Score: 8.3
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Version: 3.1
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low

Errata information


PlatformErrataRelease Date
Oracle Linux version 9 (aopalliance) ELSA-2026-385002026-07-15
Oracle Linux version 9 (apache-commons-cli) ELSA-2026-385002026-07-15
Oracle Linux version 9 (apache-commons-codec) ELSA-2026-385002026-07-15
Oracle Linux version 9 (apache-commons-io) ELSA-2026-385002026-07-15
Oracle Linux version 9 (atinject) ELSA-2026-385002026-07-15
Oracle Linux version 9 (google-guice) ELSA-2026-385002026-07-15
Oracle Linux version 9 (guava) ELSA-2026-385002026-07-15
Oracle Linux version 9 (httpcomponents-client) ELSA-2026-385002026-07-15
Oracle Linux version 9 (httpcomponents-core) ELSA-2026-385002026-07-15
Oracle Linux version 9 (jakarta-annotations) ELSA-2026-385002026-07-15
Oracle Linux version 9 (jansi) ELSA-2026-385002026-07-15
Oracle Linux version 9 (jsr-305) ELSA-2026-385002026-07-15
Oracle Linux version 9 (maven) ELSA-2026-385002026-07-15
Oracle Linux version 9 (maven-resolver) ELSA-2026-385002026-07-15
Oracle Linux version 9 (maven-shared-utils) ELSA-2026-385002026-07-15
Oracle Linux version 9 (maven-wagon) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-cipher) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-classworlds) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-containers) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-interpolation) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-sec-dispatcher) ELSA-2026-385002026-07-15
Oracle Linux version 9 (plexus-utils) ELSA-2026-385002026-07-15
Oracle Linux version 9 (sisu) ELSA-2026-385002026-07-15
Oracle Linux version 9 (slf4j) ELSA-2026-385002026-07-15


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete