CVE-2025-67030: Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
(updated )
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code
References
- gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
- github.com/advisories/GHSA-6fmv-xxpf-w3cw
- github.com/codehaus-plexus/plexus-utils
- github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
- github.com/codehaus-plexus/plexus-utils/issues/294
- github.com/codehaus-plexus/plexus-utils/pull/295
- github.com/codehaus-plexus/plexus-utils/pull/296
- github.com/codehaus-plexus/plexus-utils/releases/tag/plexus-utils-4.0.3
- nvd.nist.gov/vuln/detail/CVE-2025-67030
Code Behaviors & Features
Detect and mitigate CVE-2025-67030 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →