CVE-2025-70952

216.73.217.22

· Published 25/03/2026 19:16 · Modified 26/03/2026 15:13

Labels: CVE-2025-70952 2026-03-25 CVE-2025-70952 [email protected]

Essential information

Published: 25/03/2026 19:16
Modified: 26/03/2026 15:13
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
pf4j / pf4j	`cpe:2.3:a:pf4j:pf4j:<20c2f80:::::::*`

CVE-2025-70952

Essential information

Description

NVD status

Affected products (CPE)

References