CVE-2025-48977

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Relative Path Traversal vulnerability in Apache Ignite REST API.

Authenticated REST API users can read any file on the server with 'cmd=log' command and a log path crafted in a certain way.
This issue affects Apache Ignite: from 2.0.0 through 2.17.0.

Users are recommended to upgrade to version 2.18.0, which fixes the issue.

Relative Path Traversal

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, AI/ML

View CWE Details

https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx8…

https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx81t4n1

CVE-2025-48977

Description

Relative Path Traversal

Common Consequences

Applicable Platforms

Iscriviti alla newsletter