Bug 2451409 (CVE-2025-67030) - CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
Summary: CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Trav...
Keywords:
Status: NEW
Alias: CVE-2025-67030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2451511 2451513 2451514 2451517 2451520 2451521 2451522 2451523 2451526 2451528 2451529 2451530 2451531 2451532 2451537 2451538 2451540 2451541 2451542 2451543 2451545 2451546 2451547 2451548 2451549 2451550 2451551 2451552 2451553 2451554 2451556 2451557 2455967 2455968 2455969 2451512 2451515 2451516 2451518 2451519 2451524 2451525 2451527 2451533 2451534 2451535 2451536 2451539 2451544 2451555
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-25 18:02 UTC by OSIDB Bzimport
Modified: 2026-06-02 14:29 UTC (History)
114 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:17668 0 None None None 2026-05-14 16:56:41 UTC

Description OSIDB Bzimport 2026-03-25 18:02:25 UTC 
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
Comment 3 errata-xmlrpc 2026-05-14 16:56:34 UTC 
This issue has been addressed in the following products:

  Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14

Via RHSA-2026:17668 https://access.redhat.com/errata/RHSA-2026:17668
Note You need to log in before you can comment on or make changes to this bug.