PT-2026-44225 · Apache · Apache Ignite
Published: 2026-05-28 · Updated: 2026-05-28 · CVE-2025-48977
CVSS v4.0: 8.5 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Apache Ignite versions 2.0.0 through 2.17.0
Description
A relative path traversal issue exists in the REST API. Authenticated users can read arbitrary files on the server by using the "cmd=log" command with a specially crafted log path. Path traversal is a technique that lets an attacker access files and directories stored outside the web root folder by manipulating variables and parameters.
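A log-review check for the request pattern described above, as an added example that is not part of this advisory or of Apache Ignite's code. It assumes a common-log-format access log in front of the REST endpoint, that the log command carries the file name in a `path` query parameter, and a hypothetical log directory `/opt/ignite/work/log`; the sample lines are constructed.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the directory the node is expected to serve logs from.
LOG_DIR = "/opt/ignite/work/log"

def escapes_log_dir(raw_path, log_dir=LOG_DIR):
    """True if raw_path, resolved against log_dir, lands outside log_dir."""
    decoded = raw_path
    for _ in range(3):  # peel nested percent-encoding such as %252e%252e
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")  # treat Windows separators alike
    resolved = posixpath.normpath(posixpath.join(log_dir, decoded))
    return not (resolved == log_dir or resolved.startswith(log_dir + "/"))

def suspicious_log_requests(access_lines):
    """Return (client, path) for cmd=log requests whose path leaves LOG_DIR."""
    hits = []
    for line in access_lines:
        parts = line.split('"')
        if len(parts) < 2:
            continue
        req = parts[1].split()  # e.g. ['GET', '/ignite?cmd=log...', 'HTTP/1.1']
        if len(req) < 2:
            continue
        query = parse_qs(urlsplit(req[1]).query)  # decodes one encoding layer
        if query.get("cmd", [""])[0].lower() != "log":
            continue
        for p in query.get("path", []):
            if escapes_log_dir(p):
                hits.append((line.split()[0], p))
    return hits

# Constructed sample lines (not taken from a real system).
SAMPLE = [
    '10.0.0.5 - - [28/May/2026:10:00:01 +0000] "GET /ignite?cmd=log&from=0&to=50&path=ignite.log HTTP/1.1" 200 812',
    '10.0.0.9 - - [28/May/2026:10:00:07 +0000] "GET /ignite?cmd=log&path=..%2F..%2Fconfig%2Fsecret.xml HTTP/1.1" 200 4096',
    '10.0.0.9 - - [28/May/2026:10:00:09 +0000] "GET /ignite?cmd=log&path=%252e%252e%252fconfig%252fsecret.xml HTTP/1.1" 200 4096',
    '10.0.0.7 - - [28/May/2026:10:00:11 +0000] "GET /ignite?cmd=version HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for client, path in suspicious_log_requests(SAMPLE):
        print(f"{client} requested log path outside {LOG_DIR}: {path!r}")
```

Resolving the decoded value against the expected directory, rather than matching on a literal `../`, is what lets the check catch encoded and backslash variants as well.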
Recommendations
Upgrade to version 2.18.0.
Fix
Relative Path Traversal
Affected Products
Apache Ignite