CVE-2025-67030
HIGH8.8EPSS 0.43%Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
Published: 3/25/2026Modified: 4/28/2026
Description
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
Affected packages (2)
- Debian/plexus-utils2from 0
- Maven/org.codehaus.plexus:plexus-utils>= 4.0.0, < 4.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-67030
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-67030
- PATCHhttps://github.com/codehaus-plexus/plexus-utils
- WEBhttps://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
- WEBhttps://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
- WEBhttps://github.com/codehaus-plexus/plexus-utils/issues/294
- WEBhttps://github.com/codehaus-plexus/plexus-utils/pull/295
- WEBhttps://github.com/codehaus-plexus/plexus-utils/pull/296
- WEBhttps://github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3