{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70952", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-28T01:20:21.432Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:34:46.661Z"}, "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/pf4j/pf4j/issues/618"}, {"url": "https://github.com/pf4j/pf4j/issues/623"}, {"url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T01:19:13.695937Z", "id": "CVE-2025-70952", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:20:21.432Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70952", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-28T01:19:13.695937Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:20:11.209Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/pf4j/pf4j/issues/618"}, {"url": "https://github.com/pf4j/pf4j/issues/623"}, {"url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}], "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:34:46.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70952", "state": "PUBLISHED", "dateUpdated": "2026-03-28T01:20:21.432Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pf4j_project:pf4j:*:*:*:*:*:*:*:*", "matchCriteriaId": "7857D4EE-9752-4195-80FF-87D2DE335A67", "versionEndExcluding": "3.14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}, {"lang": "es", "value": "pf4j anterior a 20c2f80 tiene una vulnerabilidad de salto de ruta en la funci\u00f3n extract() de Unzip.java, donde el manejo inadecuado de los nombres de las entradas zip puede permitir ataques de salto de directorio o Zip Slip, debido a la falta de una normalizaci\u00f3n y validaci\u00f3n de ruta adecuadas."}], "id": "CVE-2025-70952", "lastModified": "2026-04-01T13:44:35.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T19:16:28.260", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/pf4j/pf4j/issues/618"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/pf4j/pf4j/issues/623"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0,20c2f80)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pf4j", "vendor": "pf4j"}], "analysis": {"en": {"generated_at": "2026-04-02T05:18:39.019206+00:00", "value": {"mitigation_remediation": ["Upgrade pf4j to a version containing commit\u202f20c2f800 or newer. ", "If an upgrade is unavailable, add path validation to ensure extracted entry paths remain inside the intended directory before writing files. ", "Limit exposure by restricting which users or services can provide ZIP files to pf4j\u2019s unzip functionality, and monitor logs for extraction attempts."], "summary": {"action": "Patch Now", "impact": "Directory Traversal"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all releases of the pf4j framework that use the Unzip helper prior to commit\u202f20c2f800. Applications or services that employ pf4j for plugin or extension installation and rely on its unzip functionality for handling ZIP archives are at risk. Versions newer than this commit are not affected.", "description_and_impact": "pf4j versions before commit\u202f20c2f800 contain a path\u2011traversal vulnerability in the Unzip.extract method. Improper handling of zip entry names allows a malicious archive to write files outside the intended extraction directory, potentially overwriting existing files or placing files in arbitrary locations. This weakness is identified as CWE\u201122 and is quantified with a CVSS v3.1 score of 7.5, indicating high severity.", "risk_and_exploitability": "The EPSS score is below\u202f1\u202f%, and the vulnerability is not included in CISA\u2019s KEV catalog, suggesting a low current exploitation probability. The likely attack vector is when an attacker can supply a malicious ZIP file to a component that invokes pf4j\u2019s unzip logic, such as during plugin upload or extension installation. The exploit would require write access to the base extraction directory; success could allow modification of the file system as the application runs."}}}}, "created": "2026-03-25T20:56:58.451015+00:00", "updated": "2026-04-02T07:59:21.240999+00:00", "vendors": ["pf4j", "pf4j$PRODUCT$pf4j"]}