CVE-2025-46822

HIGH NUCLEI

OsamaTaher Java-springboot-codebase - Path Traversal

Description

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal protections make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.

Exploits (2)

exploitdb WORKING POC
by d3sca · python · webapps · java
https://www.exploit-db.com/exploits/52304
nomisec WORKING POC
by d3sca · poc
https://github.com/d3sca/CVE-2025-46822

Nuclei Templates (1)

Java-springboot-codebase 1.1 - Arbitrary File Read
HIGH · VERIFIED · by haliteroglu25

Scores

CVSS v4 7.7
EPSS 0.0684
EPSS Percentile 91.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Details

CWE CWE-36
Status published
Products (1)
OsamaTaher/Java-springboot-codebase < c835c6f7799eacada4c0fc77e0816f250af01ad2
Published May 21, 2025
Tracked Since Feb 18, 2026