CVE-2025-67030: n/a
CVE-2025-67030 is a directory traversal vulnerability in the extractFile method of org. codehaus. plexus. util. Expand in plexus-utils before commit 6d780b3378829318ba5c2d29547e0012d5b29642. This vulnerability allows an attacker to potentially execute arbitrary code by exploiting improper file path handling. It has a high severity with a CVSS score of 8. 8, indicating significant impact on confidentiality, integrity, and availability. No patch or official fix information is currently provided, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
This vulnerability (CVE-2025-67030) affects the extractFile method in the plexus-utils library, specifically in the org.codehaus.plexus.util.Expand class. The issue is a directory traversal flaw (CWE-22) that could allow an attacker to write files outside the intended extraction directory, potentially leading to arbitrary code execution. The affected versions are prior to commit 6d780b3378829318ba5c2d29547e0012d5b29642. The CVSS v3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.
Potential Impact
Successful exploitation could allow an attacker to execute arbitrary code on the affected system by leveraging directory traversal to place malicious files in unintended locations. This impacts confidentiality, integrity, and availability of the system. No known exploits in the wild have been reported so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when processing untrusted input with the affected extractFile method. Monitor vendor channels for updates and apply patches promptly once released.
CVE-2025-67030: n/a
Description
CVE-2025-67030 is a directory traversal vulnerability in the extractFile method of org. codehaus. plexus. util. Expand in plexus-utils before commit 6d780b3378829318ba5c2d29547e0012d5b29642. This vulnerability allows an attacker to potentially execute arbitrary code by exploiting improper file path handling. It has a high severity with a CVSS score of 8. 8, indicating significant impact on confidentiality, integrity, and availability. No patch or official fix information is currently provided, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2025-67030) affects the extractFile method in the plexus-utils library, specifically in the org.codehaus.plexus.util.Expand class. The issue is a directory traversal flaw (CWE-22) that could allow an attacker to write files outside the intended extraction directory, potentially leading to arbitrary code execution. The affected versions are prior to commit 6d780b3378829318ba5c2d29547e0012d5b29642. The CVSS v3.1 base score is 8.8, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available to confirm remediation status.
Potential Impact
Successful exploitation could allow an attacker to execute arbitrary code on the affected system by leveraging directory traversal to place malicious files in unintended locations. This impacts confidentiality, integrity, and availability of the system. No known exploits in the wild have been reported so far.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when processing untrusted input with the affected extractFile method. Monitor vendor channels for updates and apply patches promptly once released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-12-08T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69c422f4f4197a8e3b7492ea
Added to database: 3/25/2026, 6:01:24 PM
Last enriched: 4/3/2026, 1:33:55 PM
Last updated: 5/10/2026, 7:42:26 AM
Views: 580
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.