CVE-2025-66249

MEDIUM LAB

Apache Livy 0.3.0-0.9.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66249. PoCs published by sid6224.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-66249, a path traversal vulnerability in Apache Livy. It includes a root cause analysis, patch diffs, and a proof-of-concept setup using Docker to demonstrate the vulnerability and its fix.

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed. Users are recommended to upgrade to version 0.9.0, which fixes the issue.

Exploits (1)

nomisec WRITEUP

by sid6224 · poc

https://github.com/sid6224/CVE-2025-66249-POC

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-66249, a path traversal vulnerability in Apache Livy. It includes a root cause analysis, patch diffs, and a proof-of-concept setup using Docker to demonstrate the vulnerability and its fix.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Apache Livy 0.3.0-incubating through 0.8.0-incubating

Auth required

Prerequisites: Authenticated access to Livy's REST or JDBC interface · Non-default value set for `livy.file.local-dir-whitelist`

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/12/2

Mailing List vendor-advisory

https://lists.apache.org/thread/1xwphsfn4jbtym4k4o0zlvwfogwqwwc3

Scores

CVSS v3 6.3

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Lab Environment

COMMUNITY

Community Lab

docker pull eclipse-temurin:11-jdk-focal

docker pull livy-dev-spark:latest

docker pull livy-dev-server:latest

docker pull livy-dev-base:latest

https://github.com/sid6224/CVE-2025-66249-POC

View in Library

Details

CWE

CWE-22

Status published

Products (3)

apache/livy 0.3.0 - 0.9.0

Apache Software Foundation/Apache Livy 0.3.0-incubating - 0.9.0-incubating

org.apache.livy/livy-server 0.3.0-incubating - 0.9.0-incubatingMaven

Published Mar 13, 2026

Tracked Since Mar 14, 2026