Vulnerability CVE-2025-67030: Information

Description

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2025-67030
Published: March 25, 2026
Modified: April 1, 2026
Error type identifier: CWE-22

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kafkasisyphus4.2.0-alt24.2.0-alt4ALT-PU-2026-5782-1414376Fixed
kafkasisyphus_loongarch644.2.0-alt34.2.0-alt4ALT-PU-2026-5915-1-Fixed
kafkac10f24.2.0-alt33.9.1-alt2.c10.1ALT-PU-2026-5788-1414377Testing

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
  • Third Party Advisory
https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
  • Patch
https://github.com/codehaus-plexus/plexus-utils/issues/294
  • Issue Tracking
https://github.com/codehaus-plexus/plexus-utils/pull/295
  • Issue Tracking
  • Patch
https://github.com/codehaus-plexus/plexus-utils/pull/296
  • Issue Tracking
  • Patch
GHSA-6fmv-xxpf-w3cw
      1. cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*
        End excluding
        4.0.3
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top