SpirityCVE

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Codehaus-plexus	Plexus-utils

No data.

References

Link	Providers
https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
https://github.com/codehaus-plexus/plexus-utils/issues/294
https://github.com/codehaus-plexus/plexus-utils/pull/295
https://github.com/codehaus-plexus/plexus-utils/pull/296
https://nvd.nist.gov/vuln/detail/CVE-2025-67030
https://www.cve.org/CVERecord?id=CVE-2025-67030

History

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-94

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Codehaus-plexus Codehaus-plexus plexus-utils
Vendors & Products		Codehaus-plexus Codehaus-plexus plexus-utils

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Title	Directory Traversal in Plexus Utils ExtractFile Leading to Arbitrary Code Execution	org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
References		https://nvd.nist.gov/vuln/detail/CVE-2025-67030 https://www.cve.org/CVERecord?id=CVE-2025-67030
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}` threat_severity `Important`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Directory Traversal in Plexus Utils ExtractFile Leading to Arbitrary Code Execution
Weaknesses		CWE-22 CWE-94

Wed, 25 Mar 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
References		https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642 https://github.com/codehaus-plexus/plexus-utils/issues/294 https://github.com/codehaus-plexus/plexus-utils/pull/295 https://github.com/codehaus-plexus/plexus-utils/pull/296

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-25T00:00:00.000Z

Updated: 2026-03-25T17:45:41.937Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-67030

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T18:16:25.880

Modified: 2026-03-26T15:13:15.790

Link: CVE-2025-67030

Redhat

Severity : Important

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2025-67030 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object