CVE-2025-11919
Published 2026-06-26
Priority P261, critical, 9.6 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS 0.40% (31.8th percentile)
The default JVM can access files and directories under `/tmp/`, including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
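A defensive check for the condition described above, as an added example that is not part of the advisory or the vendor's code: it walks each classpath entry and its ancestor directories and reports every location another local user could write to or create first. It assumes a POSIX host; the function name, reason strings and sample classpath are constructed for illustration.

```python
import os
import stat

def audit_classpath(classpath, trusted_uids=()):
    """Return (entry, path, reason) for each place where another local
    user could plant or swap something a JVM resolves from `classpath`."""
    trusted = {0, os.getuid(), *trusted_uids}
    findings = []
    for entry in filter(None, classpath.split(os.pathsep)):
        # "dir/*" is the JVM wildcard for every .jar in dir: audit dir itself.
        path = os.path.abspath(entry[:-1] if entry.endswith("*") else entry)
        child_missing = False
        while True:  # check the entry, then every ancestor up to the root
            try:
                st = os.stat(path)
            except (FileNotFoundError, NotADirectoryError):
                child_missing = True  # nothing here yet: see who may create it
            else:
                loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
                sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
                if st.st_uid not in trusted:
                    findings.append((entry, path, "untrusted-owner"))
                elif loose and child_missing:
                    # Even a sticky /tmp lets any user create the missing name first.
                    findings.append((entry, path, "precreatable"))
                elif loose and not sticky_dir:
                    findings.append((entry, path, "writable-by-others"))
                child_missing = False
            parent = os.path.dirname(path)
            if parent == path:
                break
            path = parent
    return findings

if __name__ == "__main__":
    # Constructed classpath: the shared temp path named above, then an app jar.
    sample = os.pathsep.join(["/tmp/UserTemporaryFiles/lib/*", "/opt/app/lib/app.jar"])
    for finding in audit_classpath(sample):
        print(*finding, sep="\t")
```

Any finding on an entry that precedes the legitimate library in the classpath is the ordering problem the description warns about; a clean result needs every entry and ancestor owned by a trusted user and not writable by group or other.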
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wolfram_research_inc | cloud | — | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.