CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46822: Unauthenticated Arbitrary File Read via Absolute Path

7.7 CVSS

Description

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.

Classification

CVE ID: CVE-2025-46822

CVSS Base Severity: HIGH

CVSS Base Score: 7.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Problem Types

CWE-36: Absolute Path Traversal

Affected Products

Vendor: OsamaTaher

Product: Java-springboot-codebase

Nuclei Template

http/cves/2025/CVE-2025-46822.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 13.28% (probability of being exploited)

EPSS Percentile: 93.78% (scored less or equal to compared to others)

EPSS Date: 2025-06-15 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46822
https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637
https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2

Timeline

2025-05-21 18:40:11 UTC
CVE

Unauthenticated Arbitrary File Read via Absolute Path