CVE-2025-67030

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions plexus-utils versions prior to 6d780b3378829318ba5c2d29547e0012d5b29642

Description A directory traversal issue exists in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils. This allows an attacker to execute arbitrary code.

Recommendations Update plexus-utils to a version newer than 6d780b3378829318ba5c2d29547e0012d5b29642.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CLEANSTART-2026-AO61361

CLEANSTART-2026-PV53006

CVE-2025-67030

GHSA-6FMV-XXPF-W3CW

OPENSUSE-SU-2026:10439-1

OPENSUSE-SU-2026:20535-1

SUSE-SU-2026:1396-1

SUSE-SU-2026:21194-1

Affected Products

Plexus-Utils

CVE-2025-67030

Weakness Enumeration

Related Identifiers

Affected Products

References · 85