cbcvebase.
CVE-2025-46822
published 2025-05-21

CVE-2025-46822: OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit…

PriorityP259high7.7CVSS 4.0
AVNACLATNPRNUINVCHVINVANSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
3.85%
88.8th percentile
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.

Affected

10 ranges
VendorProductVersion rangeFixed in
msrcazl3_kernel_6.6.47.1-1_on_azure_linux_3.0
msrcazl3_kernel_6.6.51.1-5_on_azure_linux_3.0
msrcazure_linux_3.0_arm
msrcazure_linux_3.0_x64
msrccbl2_kernel_5.15.164.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.167.1-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
msrccm1_libjpeg-turbo_2.1.2-1_on_cbl_mariner_1.0
osamataherjava-springboot-codebase< c835c6f7799eacada4c0fc77e0816f250af01ad2c835c6f7799eacada4c0fc77e0816f250af01ad2

Detection & IOCsextracted from sources · hover to see the quote

url/api/v1/files/etc/passwd
path/api/v1/files/
  • Detect HTTP GET requests to the /api/v1/files/ endpoint where the path component is an absolute path (starts with URL-encoded or literal '/'), indicating an absolute path traversal attempt against CVE-2025-46822.
  • Fingerprint vulnerable Spring Boot instances by checking for 'Whitelabel Error Page' or 'explicit mapping' strings in the HTTP response body of the root path GET /.
  • Flag HTTP 200 responses to /api/v1/files/ requests whose body matches the pattern 'root:.*:0:0:' as successful arbitrary file read exploitation.
  • The exploit URL-encodes the absolute file path before appending it to the endpoint; monitor for percent-encoded path separators (e.g., %2F) in requests to /api/v1/files/.
  • ·The patch is tied to a specific commit; instances not yet updated to commit c835c6f7799eacada4c0fc77e0816f250af01ad2 remain vulnerable. Verify the deployed commit hash before assuming remediation.

CVSS provenance

nvdv4.07.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.