CVE-2025-48977

ADVISORY - github

Summary

Relative Path Traversal vulnerability in Apache Ignite REST API.

Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0.

Users are recommended to upgrade to version 2.18.0, which fixes the issue.

EPSS Score: 0.00526 (0.406)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Relative Path Traversal

ADVISORY - github

Relative Path Traversal


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in