216.73.216.133

CVE-2025-48977

· Published 28/05/2026 10:16 · Modified 29/05/2026 14:11

Labels: CVE-2025-48977 2026-05-28CVE-2025-48977CWE-23[email protected]

Essential information

Published
28/05/2026 10:16
Modified
29/05/2026 14:11
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / ignite cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*

References