PT-2026-28084 · Pf4J · Pf4J

Published 2026-03-25 · Updated 2026-03-25 · CVE-2025-70952

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: pf4j versions prior to 20c2f80

Description: The software contains a path traversal issue in the extract() function within the Unzip.java file. Improper handling of zip entry names can lead to directory traversal or Zip Slip attacks because of insufficient path normalization and validation.

Recommendations: Update to version 20c2f80 or later.

Exploit

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-70952
GHSA-5458-7HH9-V7P4

Affected Products

Pf4J