CVE-2025-46822

HIGH NUCLEI

OsamaTaher Java-springboot-codebase - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-46822. PoCs published by d3sca, HORKimhab. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file read vulnerability in Java-springboot-codebase 1.1 via path traversal. It constructs a malicious URL to retrieve sensitive files from the target system without authentication.

Description

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.

Exploits (3)

exploitdb WORKING POC
by d3sca · pythonwebappsjava
https://www.exploit-db.com/exploits/52304

This exploit demonstrates an arbitrary file read vulnerability in Java-springboot-codebase 1.1 via path traversal. It constructs a malicious URL to retrieve sensitive files from the target system without authentication.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Java-springboot-codebase 1.1
No auth needed
Prerequisites: Target must be running Java-springboot-codebase 1.1 · Target endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by HORKimhab · pythonpoc
https://github.com/HORKimhab/CVE-2025-46822

The repository contains functional Python exploit code for CVE-2025-46822, an unauthenticated arbitrary file read vulnerability in Spring Boot applications. The exploit leverages path traversal via absolute paths in the `/api/v1/files/{fileName}` endpoint, bypassing `Path.resolve()` protections.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Spring Boot (unspecified version)
No auth needed
Prerequisites: Network access to the vulnerable endpoint · Knowledge of target file paths
devstral-2 · analyzed May 23, 2026 Full analysis →
nomisec WORKING POC
by d3sca · poc
https://github.com/d3sca/CVE-2025-46822

This PoC exploits an unauthenticated arbitrary file read vulnerability via absolute path traversal in a Java Spring Boot application. The exploit sends a crafted request to the /api/v1/files/{fileName} endpoint to retrieve sensitive files without authentication.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Java Spring Boot application with vulnerable file API endpoint
No auth needed
Prerequisites: Target application with vulnerable endpoint exposed · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Java-springboot-codebase 1.1 - Arbitrary File Read
HIGHVERIFIEDby haliteroglu25

References (2)

Core 2

Scores

CVSS v4 7.7
EPSS 0.0684
EPSS Percentile 91.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-36
Status published
Products (1)
OsamaTaher/Java-springboot-codebase < c835c6f7799eacada4c0fc77e0816f250af01ad2
Published May 21, 2025
Tracked Since Feb 18, 2026