CVE-2025-1686: External Control of File Name or Path in io.pebbletemplates:pebble
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ.

Workaround

This vulnerability can be mitigated by disabling the include tag in Pebble Templates:

```java
// Import paths as used by the io.pebbletemplates package namespace (Pebble 3.2+ / 4.x).
import io.pebbletemplates.pebble.PebbleEngine;
import io.pebbletemplates.pebble.extension.DisallowExtensionCustomizerBuilder;
import java.util.List;

// Removing the "include" token parser makes any template containing
// {% include %} fail at parse time, before a file name ever reaches the loader.
PebbleEngine engine = new PebbleEngine.Builder()
    .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
        .disallowedTokenParserTags(List.of("include"))
        .build())
    .build();
```
AI Analysis
Technical Summary
CVE-2025-1686 affects io.pebbletemplates:pebble versions before 4.1.0. The include tag takes a template name and hands it to the engine's configured loader; with a filesystem-backed loader, an attacker who can author templates (for example, the notification templates of an application built on Pebble) can name an arbitrary local file such as /etc/passwd or /proc/1/environ and have its contents rendered into the output. The issue is categorized under CWE-73 (External Control of File Name or Path). The affected range in the description stops before 4.1.0, so 4.1.0 and later releases are outside it; for deployments that cannot upgrade yet, the include tag can be disabled with the PebbleEngine.Builder configuration shown above.
Potential Impact
An attacker with high privileges, in practice anyone permitted to create or edit templates that the application renders with Pebble, can read any file the application process can read. Beyond /etc/passwd, a target such as /proc/1/environ exposes the environment of PID 1, which in containers is frequently the application itself and often carries credentials and API keys. The vulnerability does not require user interaction and has no known exploits in the wild at this time.
Mitigation Recommendations
Move to io.pebbletemplates:pebble 4.1.0 or later, which the affected range in the description excludes. Where that is not immediately possible, apply the workaround above, which removes the include token parser so that any template using the tag is rejected when it is parsed. Two practical points: the workaround blocks every use of include, including legitimate ones, so existing templates that rely on it must be restructured first; and the change should be covered by a test that feeds a template containing {% include "/etc/passwd" %} to the configured engine and asserts that parsing fails rather than that the file is rendered.
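The following Java program is an added illustration for this advisory, not code from the Pebble project or from the advisory itself. It shows the two engine configurations side by side: one with a filesystem loader and the default tag set, where an attacker-supplied template reads an arbitrary absolute path through include, and one with the advisory's workaround applied, where the same template is rejected at parse time. It assumes the io.pebbletemplates package layout (Pebble 3.2+ / 4.x), the PebbleEngine.getLiteralTemplate method for compiling a template from a string, the FileLoader class, and Java 11 or later; the "secret" file and the malicious template are constructed sample data, and a temp file stands in for /etc/passwd so the demo runs on any platform.

```java
import io.pebbletemplates.pebble.PebbleEngine;
import io.pebbletemplates.pebble.error.PebbleException;
import io.pebbletemplates.pebble.extension.DisallowExtensionCustomizerBuilder;
import io.pebbletemplates.pebble.loader.FileLoader;
import io.pebbletemplates.pebble.template.PebbleTemplate;

import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.Map;

public class PebbleIncludeDemo {

    // Unrestricted engine: a filesystem loader resolves whatever name the
    // include tag supplies, so an absolute path reads any readable file.
    static PebbleEngine unrestrictedEngine() {
        return new PebbleEngine.Builder()
                .loader(new FileLoader())
                .build();
    }

    // Hardened engine: the advisory's workaround. The "include" token parser is
    // removed, so the tag fails while parsing instead of reaching the loader.
    static PebbleEngine hardenedEngine() {
        return new PebbleEngine.Builder()
                .loader(new FileLoader())
                .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
                        .disallowedTokenParserTags(List.of("include"))
                        .build())
                .build();
    }

    // Compiles and renders an attacker-supplied template string. The top-level
    // template comes from the string; any include inside it goes to the loader.
    static String render(PebbleEngine engine, String templateSource,
                         Map<String, Object> ctx) {
        PebbleTemplate template = engine.getLiteralTemplate(templateSource);
        StringWriter out = new StringWriter();
        template.evaluate(out, ctx);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for /etc/passwd: a temp file holding a secret.
        Path secretFile = Files.createTempFile("pebble-demo", ".txt");
        Files.writeString(secretFile, "db_password=constructed-secret\n");

        // Attacker-controlled "notification template" (constructed sample).
        // Forward slashes keep the path usable as a Pebble string literal on Windows.
        String absolutePath = secretFile.toAbsolutePath().toString().replace("\\", "/");
        String malicious = "Hi {{ user }}, your report: {% include \"" + absolutePath + "\" %}";
        Map<String, Object> ctx = Map.of("user", "alice");

        try {
            // Default tag set: the file's contents are rendered into the notification.
            System.out.println("unrestricted -> " + render(unrestrictedEngine(), malicious, ctx));

            // Workaround applied: Pebble reports an unknown tag while parsing.
            try {
                render(hardenedEngine(), malicious, ctx);
                System.out.println("hardened -> rendered (workaround not effective)");
            } catch (PebbleException e) {
                System.out.println("hardened -> rejected at parse time: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(secretFile);
        }
    }
}
```

The same builder method accepts more than one tag name. Because extends and import also take a template name that is resolved by the engine's loader, a deployment that renders templates from untrusted authors should decide whether those tags belong on the disallow list as well, or whether the loader itself should be replaced with one that cannot reach the filesystem.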
Technical Details
- Data Version: 5.2
- Assigner Short Name: snyk
- Date Reserved: 2025-02-25T10:32:01.608Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694579a3133fda1465c274c1
Added to database: 12/19/2025, 4:13:23 PM
Last enriched: 4/20/2026, 5:36:38 AM
Last updated: 5/9/2026, 11:04:35 PM