216.73.216.86

CVE-2025-66249

· Published 13/03/2026 19:53 · Modified 13/03/2026 19:53

Labels: CVE-2025-66249 2026-03-13CVE-2025-66249CWE-22[email protected]

Essential information

Published
13/03/2026 19:53
Modified
13/03/2026 19:53
Author
Creator
CVSS
6.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed. Users are recommended to upgrade to version 0.9.0, which fixes the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / livy cpe:2.3:a:apache:livy:0.3.0-0.9.0:*:*:*:*:*:*:*

References