Vulnerabilities > CVE-2025-2961

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-24

NVD

Published: 2025-03-30

Updated: 2025-03-30

Summary

A vulnerability classified as problematic was found in opensolon up to 3.1.0. This vulnerability affects the function render_mav of the file /aa of the component org.noear.solon.core.handle.RenderManager. The manipulation of the argument template with the input ../org/example/HelloApp.class leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Common Weakness Enumeration (CWE)

CWE-24 - Path Traversal: '../filedir'

References

https://github.com/Q16G/cve_detail/blob/main/solon/templateRCE.md
https://vuldb.com/?ctiid.302014
https://vuldb.com/?id.302014
https://vuldb.com/?submit.522380

Vulnerabilities > CVE-2025-2961 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-2961"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-2961