Bug 2451409 (CVE-2025-67030) - CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
Summary: CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Trav...
Keywords:
Status: NEW
Alias: CVE-2025-67030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2451511 2451513 2451514 2451517 2451520 2451521 2451522 2451523 2451526 2451528 2451529 2451530 2451531 2451532 2451537 2451538 2451540 2451541 2451542 2451543 2451545 2451546 2451547 2451548 2451549 2451550 2451551 2451552 2451553 2451554 2451556 2451557 2455967 2455968 2455969 2451512 2451515 2451516 2451518 2451519 2451524 2451525 2451527 2451533 2451534 2451535 2451536 2451539 2451544 2451555
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 18:02 UTC by OSIDB Bzimport
Modified: 2026-07-16 10:45 UTC (History)
114 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:17668 0 None None None 2026-05-14 16:56:41 UTC
Red Hat Product Errata RHSA-2026:18054 0 None None None 2026-06-24 19:29:29 UTC
Red Hat Product Errata RHSA-2026:18055 0 None None None 2026-06-24 19:27:31 UTC
Red Hat Product Errata RHSA-2026:18059 0 None None None 2026-06-24 19:27:15 UTC
Red Hat Product Errata RHSA-2026:35990 0 None None None 2026-07-06 15:37:02 UTC
Red Hat Product Errata RHSA-2026:35991 0 None None None 2026-07-06 15:37:21 UTC
Red Hat Product Errata RHSA-2026:35992 0 None None None 2026-07-06 15:42:45 UTC
Red Hat Product Errata RHSA-2026:35996 0 None None None 2026-07-06 15:47:27 UTC
Red Hat Product Errata RHSA-2026:35997 0 None None None 2026-07-06 15:50:25 UTC
Red Hat Product Errata RHSA-2026:36012 0 None None None 2026-07-06 18:01:23 UTC
Red Hat Product Errata RHSA-2026:38500 0 None None None 2026-07-13 10:21:23 UTC
Red Hat Product Errata RHSA-2026:38514 0 None None None 2026-07-13 03:43:49 UTC
Red Hat Product Errata RHSA-2026:38796 0 None None None 2026-07-13 10:47:33 UTC
Red Hat Product Errata RHSA-2026:40841 0 None None None 2026-07-16 10:45:17 UTC

Description OSIDB Bzimport 2026-03-25 18:02:25 UTC
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

Comment 3 errata-xmlrpc 2026-05-14 16:56:34 UTC
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14

Via RHSA-2026:17668 https://access.redhat.com/errata/RHSA-2026:17668

Comment 5 errata-xmlrpc 2026-06-24 19:27:09 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1

Via RHSA-2026:18059 https://access.redhat.com/errata/RHSA-2026:18059

Comment 6 errata-xmlrpc 2026-06-24 19:27:25 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Via RHSA-2026:18055 https://access.redhat.com/errata/RHSA-2026:18055

Comment 7 errata-xmlrpc 2026-06-24 19:29:23 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Via RHSA-2026:18054 https://access.redhat.com/errata/RHSA-2026:18054

Comment 8 errata-xmlrpc 2026-07-06 15:36:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:35990 https://access.redhat.com/errata/RHSA-2026:35990

Comment 9 errata-xmlrpc 2026-07-06 15:37:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:35991 https://access.redhat.com/errata/RHSA-2026:35991

Comment 10 errata-xmlrpc 2026-07-06 15:42:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:35992 https://access.redhat.com/errata/RHSA-2026:35992

Comment 11 errata-xmlrpc 2026-07-06 15:47:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:35996 https://access.redhat.com/errata/RHSA-2026:35996

Comment 12 errata-xmlrpc 2026-07-06 15:50:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:35997 https://access.redhat.com/errata/RHSA-2026:35997

Comment 13 errata-xmlrpc 2026-07-06 18:01:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:36012 https://access.redhat.com/errata/RHSA-2026:36012

Comment 14 errata-xmlrpc 2026-07-13 03:43:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:38514 https://access.redhat.com/errata/RHSA-2026:38514

Comment 15 errata-xmlrpc 2026-07-13 10:21:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:38500 https://access.redhat.com/errata/RHSA-2026:38500

Comment 16 errata-xmlrpc 2026-07-13 10:47:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:38796 https://access.redhat.com/errata/RHSA-2026:38796

Comment 17 errata-xmlrpc 2026-07-16 10:45:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:40841 https://access.redhat.com/errata/RHSA-2026:40841


Note You need to log in before you can comment on or make changes to this bug.