CVE-2025-48977
ADVISORY - githubSummary
Relative Path Traversal vulnerability in Apache Ignite REST API.
Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0.
Users are recommended to upgrade to version 2.18.0, which fixes the issue.
EPSS Score: 0.00526 (0.406)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Relative Path Traversal
ADVISORY - github
Relative Path Traversal
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-48977
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.5highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-v45h-mqf4-6939
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)