Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

🗓️ 29 Mar 2026 08:02:46Reported by MicrosoftType

Microsoft vulnerability CVE-2025-67030 affects products.

Reporter	Title	Published	Views	Family All 90
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils	24 Apr 202609:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities	15 Apr 202615:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	26 May 202606:03	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of plexus-utils-3.5.1.jar, IBM Sterling Connect:Direct Web Services is affected by Directory Traversal issue.	23 Apr 202606:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Directory Traversal due to plexus-utils (CVE-2025-67030)	8 May 202607:49	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-67030)	15 Jun 202622:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Quantum Safe Explorer is affected by multiple vulnerabilities	6 May 202610:32	–	ibm
ATTACKERKB	CVE-2025-67030	25 Mar 202600:00	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1581)	13 Apr 202600:00	–	nessus