93 matches found
CLSA-2026-1777038119 plexus-utils: Fix of CVE-2025-67030
CVE-2025-67030 fix zip slip via canonical path check in Expand...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils
Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...
Security Bulletin: Due to use of plexus-utils-3.5.1.jar, IBM Sterling Connect:Direct Web Services is affected by Directory Traversal issue.
Summary plexus-utils-3.5.1.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before...
Security update for plexus-utils (important)
openSUSE security update: security update for plexus-utils ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20535-1 Rating: important References: bsc1260588 Cross-References: CVE-2025-67030 CVSS scores: CVE-2025-67030 SUSE : 7.3...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : plexus-utils (SUSE-SU-2026:1396-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1396-1 advisory. This update for plexus-utils fixes the following issue: Security fixes: - CVE-2025-67030: directory...
Security update for plexus-utils
This update for plexus-utils fixes the following issue: Security fixes: CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes Specify /D for cmd.exe to bypass the Command Processor Autorun folder Dependency...
SUSE-SU-2026:1396-1 Security update for plexus-utils
This update for plexus-utils fixes the following issue: Security fixes: - CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588. Update to version 4.0.2: Bug Fixes + Specify /D for cmd.exe to bypass the Command Processor Autorun folder...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Apache Avro, Jackson, Vert.x, plexus-utils and Netty Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils...
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4. A patched version of the package is available...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
SUSE-SU-2026:21194-1 Security update for plexus-utils
This update for plexus-utils fixes the following issue: - CVE-2025-67030: directory traversal via the extractFile method of org.codehaus.plexus.util.Expand bsc1260588...
org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
A flaw was found in plexus-utils. This vulnerability, known as a Directory Traversal, exists within the extractFile method. An attacker can exploit this to execute unauthorized code on the system in the context of the current working user...
Important: plexus-utils
Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: plexus-utils Note: This advisory is...
Amazon Linux 2 : plexus-utils, --advisory ALAS2-2026-3233 (ALAS-2026-3233)
The version of plexus-utils installed on the remote host is prior to 3.0.9-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3233 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before...
Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1581)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1581 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...
Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...
Important: javapackages-bootstrap
Issue Overview: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code CVE-2025-67030 Affected Packages: javapackages-bootstrap Issue...
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-5
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-5. A patched version of the package is available...
plexus-utils-4.0.2-2.1 on GA media (moderate)
plexus-utils-4.0.2-2.1 on GA media Announcement ID: openSUSE-SU-2026:10439-1 Rating: moderate Cross-References: CVE-2025-67030 CVSS scores: CVE-2025-67030 SUSE : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2025-67030 SUSE : 6.3...
Directory Traversal
Plexus-Utils is vulnerable to Directory Traversal. The vulnerability is due to a flaw in the extractFile method of org.codehaus.plexus.util.Expand, where an attacker can execute arbitrary code by exploiting the Directory Traversal vulnerability...