CVE-2025-67030: Path Traversal in Plexus-utils

CWE-22: Path Traversal | 13 documents | 9 sources
Severity: 8.8 HIGH (NVD)
EPSS: 0.2% (top 51.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 25
Latest update: Apr 7

Description

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (4)

GHSA: Plexus-Utils has a Directory Traversal vulnerability in its extractFile method (2026-03-25)
CVEList: CVE-2025-67030: Directory Traversal vulnerability in the extractFile method of org (2026-03-25)
OSV: Plexus-Utils has a Directory Traversal vulnerability in its extractFile method (2026-03-25)
OSV: CVE-2025-67030: Directory Traversal vulnerability in the extractFile method of org (2026-03-25)

📋 Vendor Advisories (3)

Red Hat: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (2026-03-25)
Microsoft: CVE-2025-67030: Mariner: Mariner mitre: mitre Customer Action Required: Yes (2026-03-10)
Debian: CVE-2025-67030: plexus-utils2 - Directory Traversal vulnerability in the extractFile method of org.codehaus.plex... (2025)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-67030 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (4)

Bugzilla: CVE-2025-67030 plexus-utils: Plexus-utils: Directory Traversal in extractFile method [fedora-all] (2026-04-07)
Bugzilla: CVE-2025-67030 plexus-utils4: Plexus-utils: Directory Traversal in extractFile method [fedora-all] (2026-04-07)
Bugzilla: CVE-2025-67030 javapackages-bootstrap: Plexus-utils: Directory Traversal in extractFile method [fedora-all] (2026-04-07)
Bugzilla: CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (2026-03-25)
CVE-2025-67030 — Path Traversal in Plexus-utils | cvebase