CVE-2025-46822 HIGH

CVE-2025-46822: Unauthenticated Arbitrary File Read via Absolute Path

Vendor Osamataher
Product Java-springboot-codebase
Weakness CWE-36
Published May 21, 2025
Last update May 21, 2025

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal protections make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.

Key dates

02 Disclosure timeline

May 21, 2025 CVE published
May 21, 2025 Record updated