CVE-2025-48977

ADVISORY - github

Summary

Relative Path Traversal vulnerability in Apache Ignite REST API.

Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0.

Users are recommended to upgrade to version 2.18.0, which fixes the issue.

EPSS Score: 0.00526 (0.406)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Relative Path Traversal

ADVISORY - github

Relative Path Traversal


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.5high

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.5high