CVE-2025-27553

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Mar 23, 2025
Updated: Apr 2, 2025
CWE ID: CWE-23

Summary

CVE-2025-27553 is a Relative Path Traversal (CWE-23) vulnerability affecting Apache Commons VFS before version 2.10.0. The FileObject API in Commons VFS includes a 'resolveFile' method with a 'scope' parameter, which is intended to return only file objects that are descendants of the base file. However, if the path contains percent-encoded ".." characters, such as "%2E%2E/bar.txt", the method may return file objects that are not descendants of the base file, without throwing an exception. This issue poses a security risk, and users are advised to upgrade to version 2.10.0, which addresses the vulnerability.
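The following is an added illustration of the defect class described above, not code from Apache Commons VFS and not a reproduction of its 'resolveFile' implementation. It models a "scope" check generically in Python: a flawed resolver (resolve_naive) that tests for ".." segments on the raw, still-encoded name and only percent-decodes afterwards, beside a hardened resolver (resolve_safe) that decodes first, normalizes, and then verifies the result lies strictly inside the base. All function names, the base directory "/srv/data" and the sample names are constructed for the example.

```python
from pathlib import PurePosixPath
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a resolved path would escape the base directory."""


def _normalize(base: str, name: str) -> PurePosixPath:
    """Lexically join base and name and collapse '.' / '..' segments.

    Pure string logic, no file system access; the root '/' is never popped.
    """
    parts = []
    for seg in PurePosixPath(base).joinpath(name).parts:
        if seg in ("", "."):
            continue
        if seg == "..":
            if len(parts) > 1:  # keep the leading '/'
                parts.pop()
            continue
        parts.append(seg)
    return PurePosixPath(*parts)


def resolve_naive(base: str, name: str) -> str:
    """Flawed pattern (hypothetical, illustrates the CVE class).

    The descendant check looks for '..' in the raw name, so the encoded
    segment '%2E%2E' passes; the back end then percent-decodes the name
    before touching the file system and the result escapes the base.
    """
    if any(seg == ".." for seg in name.split("/")):
        raise PathTraversalError(f"'{name}' is not inside '{base}'")
    decoded = unquote(name)  # decoding happens after the check: too late
    return str(_normalize(base, decoded))


def resolve_safe(base: str, name: str) -> str:
    """Hardened pattern: decode, normalize, then check containment.

    The containment test is done on the final normalized path rather than on
    the input string, so any encoding trick has already been undone.
    """
    decoded = unquote(name)
    if decoded.startswith("/"):
        raise PathTraversalError(f"absolute name '{name}' rejected")
    base_norm = _normalize(base, "")
    resolved = _normalize(base, decoded)
    # A descendant must be strictly below the base (base itself is not a descendant).
    if resolved == base_norm or base_norm not in resolved.parents:
        raise PathTraversalError(f"'{name}' resolves outside '{base}': {resolved}")
    return str(resolved)


def is_rejected(resolver, base: str, name: str) -> bool:
    """True if the resolver refuses the name with PathTraversalError."""
    try:
        resolver(base, name)
    except PathTraversalError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: base directory and attacker-style names.
    base = "/srv/data"
    for name in ("a/b.txt", "sub/%2E%2E/ok.txt", "../bar.txt", "%2E%2E/bar.txt"):
        naive = "rejected" if is_rejected(resolve_naive, base, name) else resolve_naive(base, name)
        safe = "rejected" if is_rejected(resolve_safe, base, name) else resolve_safe(base, name)
        print(f"{name:>20}  naive={naive:<20} safe={safe}")
```

The key design point is where the check runs: resolve_safe never inspects the encoded input for ".." at all, it canonicalizes to a final absolute path and asks whether the base is a proper ancestor of that path. That test is what an application should apply on its own if it cannot yet upgrade to Commons VFS 2.10.0, and it also accepts legitimate names such as "sub/%2E%2E/ok.txt" that contain ".." but stay within the base. Note that a single unquote() pass assumes the underlying layer decodes exactly once; if a back end decodes again, the containment check must be performed at that layer's decoded level.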

