CVE-2025-27553 (GCVE-0-2025-27553)
Vulnerability from cvelistv5
Published
2025-03-23 14:16
Modified
2025-04-02 22:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.
The FileObject API in Commons VFS has a 'resolveFile' method that
takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of
the base file". However, when the path contains encoded ".."
characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not
a descendent of the base file, without throwing an exception.
This issue affects Apache Commons VFS: before 2.10.0.
Users are recommended to upgrade to version 2.10.0, which fixes the issue.
References
| ► | URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons VFS |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-04-02T22:03:21.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/23/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00006.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T13:43:35.551341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T13:44:34.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.commons:commons-vfs2",
"product": "Apache Commons VFS",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.10.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arnout Engelen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRelative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe FileObject API in Commons VFS has a \u0027resolveFile\u0027 method that\ntakes a \u0027scope\u0027 parameter. Specifying \u0027NameScope.DESCENDENT\u0027 promises that \"an exception is thrown if the resolved file is not a descendent of\nthe base file\". However, when the path contains encoded \"..\"\ncharacters (for example, \"%2E%2E/bar.txt\"), it might return file objects that are not\na descendent of the base file, without throwing an exception.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Commons VFS: before 2.10.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.10.0, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.\n\nThe FileObject API in Commons VFS has a \u0027resolveFile\u0027 method that\ntakes a \u0027scope\u0027 parameter. Specifying \u0027NameScope.DESCENDENT\u0027 promises that \"an exception is thrown if the resolved file is not a descendent of\nthe base file\". However, when the path contains encoded \"..\"\ncharacters (for example, \"%2E%2E/bar.txt\"), it might return file objects that are not\na descendent of the base file, without throwing an exception.\nThis issue affects Apache Commons VFS: before 2.10.0.\n\nUsers are recommended to upgrade to version 2.10.0, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-23T14:16:20.363Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/cnzqowyw9r2pl263cylmxhnvh41hyjcb"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-27553",
"datePublished": "2025-03-23T14:16:20.363Z",
"dateReserved": "2025-03-01T03:19:06.648Z",
"dateUpdated": "2025-04-02T22:03:21.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27553\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-03-23T15:15:13.377\",\"lastModified\":\"2025-04-02T22:15:19.203\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.\\n\\nThe FileObject API in Commons VFS has a \u0027resolveFile\u0027 method that\\ntakes a \u0027scope\u0027 parameter. Specifying \u0027NameScope.DESCENDENT\u0027 promises that \\\"an exception is thrown if the resolved file is not a descendent of\\nthe base file\\\". However, when the path contains encoded \\\"..\\\"\\ncharacters (for example, \\\"%2E%2E/bar.txt\\\"), it might return file objects that are not\\na descendent of the base file, without throwing an exception.\\nThis issue affects Apache Commons VFS: before 2.10.0.\\n\\nUsers are recommended to upgrade to version 2.10.0, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Path Traversal relativo en Apache Commons VFS anterior a la versi\u00f3n 2.10.0. La API FileObject de Commons VFS incluye un m\u00e9todo \\\"resolveFile\\\" que utiliza el par\u00e1metro \\\"scope\\\". Especificar \\\"NameScope.DESCENDENT\\\" implica que se lanzar\u00e1 una excepci\u00f3n si el archivo resuelto no es descendiente del archivo base. Sin embargo, si la ruta contiene caracteres \\\"..\\\" codificados (por ejemplo, \\\"%2E%2E/bar.txt\\\"), podr\u00eda devolver objetos de archivo que no son descendientes del archivo base, sin lanzar una excepci\u00f3n. Este problema afecta a Apache Commons VFS anterior a la versi\u00f3n 2.10.0. Se recomienda actualizar a la versi\u00f3n 2.10.0, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_vfs:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.0\",\"matchCriteriaId\":\"4BABF8CF-5800-484E-9B46-701503CA903B\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/cnzqowyw9r2pl263cylmxhnvh41hyjcb\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/03/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/04/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/03/23/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/04/msg00006.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-02T22:03:21.278Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27553\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-24T13:43:35.551341Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-24T13:43:53.137Z\"}}], \"cna\": {\"title\": \"Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Arnout Engelen\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons VFS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.10.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.commons:commons-vfs2\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/cnzqowyw9r2pl263cylmxhnvh41hyjcb\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.\\n\\nThe FileObject API in Commons VFS has a \u0027resolveFile\u0027 method that\\ntakes a \u0027scope\u0027 parameter. Specifying \u0027NameScope.DESCENDENT\u0027 promises that \\\"an exception is thrown if the resolved file is not a descendent of\\nthe base file\\\". However, when the path contains encoded \\\"..\\\"\\ncharacters (for example, \\\"%2E%2E/bar.txt\\\"), it might return file objects that are not\\na descendent of the base file, without throwing an exception.\\nThis issue affects Apache Commons VFS: before 2.10.0.\\n\\nUsers are recommended to upgrade to version 2.10.0, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eRelative Path Traversal vulnerability in Apache Commons VFS before 2.10.0.\u003c/p\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe FileObject API in Commons VFS has a \u0027resolveFile\u0027 method that\\ntakes a \u0027scope\u0027 parameter. Specifying \u0027NameScope.DESCENDENT\u0027 promises that \\\"an exception is thrown if the resolved file is not a descendent of\\nthe base file\\\". However, when the path contains encoded \\\"..\\\"\\ncharacters (for example, \\\"%2E%2E/bar.txt\\\"), it might return file objects that are not\\na descendent of the base file, without throwing an exception.\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Commons VFS: before 2.10.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.10.0, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23 Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-03-23T14:16:20.363Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27553\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T22:03:21.278Z\", \"dateReserved\": \"2025-03-01T03:19:06.648Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-03-23T14:16:20.363Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…