{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-70952", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-28T01:20:21.432Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-03-25T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:34:46.661Z"}, "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/pf4j/pf4j/issues/618"}, {"url": "https://github.com/pf4j/pf4j/issues/623"}, {"url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-28T01:19:13.695937Z", "id": "CVE-2025-70952", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:20:21.432Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-70952", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-28T01:19:13.695937Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-28T01:20:11.209Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/pf4j/pf4j/issues/618"}, {"url": "https://github.com/pf4j/pf4j/issues/623"}, {"url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}], "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-25T18:34:46.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-70952", "state": "PUBLISHED", "dateUpdated": "2026-03-28T01:20:21.432Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-25T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}, {"lang": "es", "value": "pf4j anterior a 20c2f80 tiene una vulnerabilidad de salto de ruta en la funci\u00f3n extract() de Unzip.java, donde el manejo inadecuado de los nombres de las entradas zip puede permitir ataques de salto de directorio o Zip Slip, debido a la falta de una normalizaci\u00f3n y validaci\u00f3n de ruta adecuadas."}], "id": "CVE-2025-70952", "lastModified": "2026-03-28T02:16:13.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-25T19:16:28.260", "references": [{"source": "[email protected]", "url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705"}, {"source": "[email protected]", "url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14"}, {"source": "[email protected]", "url": "https://github.com/pf4j/pf4j/issues/618"}, {"source": "[email protected]", "url": "https://github.com/pf4j/pf4j/issues/623"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0,20c2f80)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "pf4j", "vendor": "pf4j"}], "analysis": {"en": {"generated_at": "2026-03-27T11:22:19.263846+00:00", "value": {"mitigation_remediation": ["Update PF4J to commit 20c2f800 or later, which adds proper path normalization to the unzip process.", "If an update is not immediately possible, restrict the usage of untrusted ZIP files; validate the zip entry paths before extraction or sanitize the output directory to prevent traversal."], "summary": {"action": "Patch Immediately", "impact": "Directory Traversal Allowing Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "All PF4J library versions prior to commit 20c2f800 (the change that added path normalization) are affected. Applications that incorporate those older releases are at risk; no specific vendor list is provided, so the impact is broad across any project that uses PF4J without the patch.", "description_and_impact": "The flaw exists in the Unzip.java module of the PF4J plugin framework. The extract() method fails to normalize or validate the names of entries in a ZIP archive, letting a crafted archive reference paths outside the intended extraction target. This Zip Slip vulnerability can overwrite or create files whenever the archive is processed, potentially enabling code execution, privilege escalation, or data corruption based on the files affected and the running user permissions.", "risk_and_exploitability": "The EPSS score is under 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low current likelihood of exploitation. An attacker would need to supply a malicious ZIP file to an affected application that performs extraction, so the vector could be remote if the app accepts user uploads or otherwise local. No publicly documented exploits exist, but because the potential impact is high, the overall risk can be considered moderate."}}}}, "created": "2026-03-25T20:56:58.451015+00:00", "title": "Path Traversal Vulnerability in PF4J Zip Extraction", "updated": "2026-03-27T15:48:07.733181+00:00", "vendors": ["pf4j", "pf4j$PRODUCT$pf4j"], "weaknesses": ["CWE-22", "CWE-20"]}