CVE-2025-1584 MEDIUM

CVE-2025-1584: opensolon Solon StaticMappings.java path traversal

Vendor Opensolon

Product Solon

Weakness CWE-24

Published February 23, 2025

Last update February 24, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.9 is able to address this issue. The name of the patch is f46e47fd1f8455b9467d7ead3cdb0509115b2ef1. It is recommended to upgrade the affected component.

Key dates

Disclosure timeline

February 23, 2025 CVE published

February 24, 2025 Record updated

Identifiers

CVE CVE-2025-1584

CWE CWE-24

CVSS 5.3 / MEDIUM

Affected versions

Vendor Opensolon

Product Solon

Affected 3.0.0

Vendor Opensolon

Product Solon

Affected 3.0.1

Vendor Opensolon

Product Solon

Affected 3.0.2

Vendor Opensolon

Product Solon

Affected 3.0.3

Vendor Opensolon

Product Solon

Affected 3.0.4

Vendor Opensolon

Product Solon

Affected 3.0.5

Vendor Opensolon

Product Solon

Affected 3.0.6

Vendor Opensolon

Product Solon

Affected 3.0.7

Vendor Opensolon

Product Solon

Affected 3.0.8