Vulnerability DatabaseCVE-2025-67030
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-67030
March 25, 2026
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
Affected Packages
org.codehaus.plexus:plexus-utils (JAVA):
Affected version(s) >=1.0.4 <4.0.3
Fix Suggestion:
Update to version 4.0.3
org.codehaus.plexus:plexus-utils (JAVA):
Affected version(s) >=1.0.4 <4.0.3
Fix Suggestion:
Update to version 4.0.3
org.codehaus.plexus:plexus-utils (JAVA):
Affected version(s) >=1.0.4 <4.0.3
Fix Suggestion:
Update to version 4.0.3
org.codehaus.plexus:plexus-utils (JAVA):
Affected version(s) >=1.0.4 <4.0.3
Fix Suggestion:
Update to version 4.0.3
org.codehaus.plexus:plexus-utils (JAVA):
Affected version(s) >=1.0.4 <4.0.3
Fix Suggestion:
Update to version 4.0.3
Related ResourcesĀ (8)
https://github.com/codehaus-plexus/plexus-utils/pull/295
https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
https://github.com/codehaus-plexus/plexus-utils/issues/294
https://github.com/codehaus-plexus/plexus-utils
https://nvd.nist.gov/vuln/detail/CVE-2025-67030
https://github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3
https://github.com/codehaus-plexus/plexus-utils/pull/296
Do you need more information?
Contact Us
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
0.04