| Release Date: | 2026-03-25 | |
| Impact: | Important | What is this? |
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
See more information about CVE-2025-67030 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
| Base Score: | 8.3 |
| Vector String: | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
| Version: | 3.1 |
| Attack Vector: | Network |
| Attack Complexity: | Low |
| Privileges Required: | None |
| User Interaction: | None |
| Scope: | Changed |
| Confidentiality Impact: | Low |
| Integrity Impact: | Low |
| Availability Impact: | Low |
| Platform | Errata | Release Date |
| Oracle Linux version 9 (aopalliance) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (apache-commons-cli) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (apache-commons-codec) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (apache-commons-io) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (atinject) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (google-guice) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (guava) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (httpcomponents-client) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (httpcomponents-core) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (jakarta-annotations) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (jansi) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (jsr-305) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (maven) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (maven-resolver) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (maven-shared-utils) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (maven-wagon) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-cipher) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-classworlds) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-containers) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-interpolation) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-sec-dispatcher) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (plexus-utils) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (sisu) | ELSA-2026-38500 | 2026-07-15 |
| Oracle Linux version 9 (slf4j) | ELSA-2026-38500 | 2026-07-15 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: