PatchSiren cyber security CVE debrief
CVE-2025-67030 Codehaus Plexus CVE debrief
CVE-2025-67030 is a high-severity directory traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before version 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code. The vulnerability has a CVSS score of 8.8 and is classified as HIGH. The CVE was published on 2026-03-25T18:16:25.880Z and last modified on 2026-06-30T03:16:57.343Z.
- Vendor
- Codehaus Plexus
- Product
- plexus-utils
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-06-30
Who should care
This vulnerability affects users of Plexus-Utils, particularly those using versions before 6d780b3378829318ba5c2d29547e0012d5b29642. Developers and administrators should review their dependencies and update to the latest version to mitigate the risk. Red Hat users may also be affected, as indicated by multiple RHSA errata references.
Technical summary
The vulnerability is caused by a directory traversal issue in the extractFile method of org.codehaus.plexus.util.Expand. This method does not properly sanitize input, allowing an attacker to traverse the directory structure and potentially execute arbitrary code. The issue is addressed in commit 6d780b3378829318ba5c2d29547e0012d5b29642. Multiple references, including GitHub issues and Red Hat errata, provide additional context and mitigation strategies.
Defensive priority
This vulnerability has a high CVSS score of 8.8, indicating a critical severity level. Immediate attention is required to mitigate the risk of arbitrary code execution.
Recommended defensive actions
- Review and update Plexus-Utils to version 6d780b3378829318ba5c2d29547e0012d5b29642 or later.
- Check dependencies and inventory for affected versions.
- Apply patches or updates provided by the vendor or community.
- Monitor for suspicious activity and implement compensating controls.
- Review and implement secure coding practices to prevent similar vulnerabilities.
Evidence notes
The CVE record and NVD detail provide official information on the vulnerability. Multiple references, including GitHub issues and Red Hat errata, offer additional context and mitigation strategies. However, the exact scope of affected systems and potential attack vectors may require further investigation.
Official resources
-
CVE-2025-67030 CVE record
CVE.org
-
CVE-2025-67030 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Patch
-
Source reference
[email protected] - Issue Tracking
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.