Vulnerability Details CVE-2025-48977
Relative Path Traversal vulnerability in Apache Ignite REST API.
Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way.
This issue affects Apache Ignite: from 2.0.0 through 2.17.0.
Users are recommended to upgrade to version 2.18.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.4%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-48977
-
cpe:2.3:a:apache:ignite:2.0.0
-
cpe:2.3:a:apache:ignite:2.1.0
-
cpe:2.3:a:apache:ignite:2.1.1
-
cpe:2.3:a:apache:ignite:2.10.0
-
cpe:2.3:a:apache:ignite:2.11.0
-
cpe:2.3:a:apache:ignite:2.11.1
-
cpe:2.3:a:apache:ignite:2.12.0
-
cpe:2.3:a:apache:ignite:2.13.0
-
cpe:2.3:a:apache:ignite:2.14.0
-
cpe:2.3:a:apache:ignite:2.15.0
-
cpe:2.3:a:apache:ignite:2.16.0
-
cpe:2.3:a:apache:ignite:2.17.0
-
cpe:2.3:a:apache:ignite:2.2.0
-
cpe:2.3:a:apache:ignite:2.3.0
-
cpe:2.3:a:apache:ignite:2.4.0
-
cpe:2.3:a:apache:ignite:2.5.0
-
cpe:2.3:a:apache:ignite:2.6.0
-
cpe:2.3:a:apache:ignite:2.7.0
-
cpe:2.3:a:apache:ignite:2.7.5
-
cpe:2.3:a:apache:ignite:2.7.6
-
cpe:2.3:a:apache:ignite:2.8.0
-
cpe:2.3:a:apache:ignite:2.8.1
-
cpe:2.3:a:apache:ignite:2.9.0
-
cpe:2.3:a:apache:ignite:2.9.1