Description

pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

INFO

Published Date :

2026-03-25T00:00:00.000Z

Last Modified :

2026-03-28T01:20:21.432Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70952 vulnerability.

Vendors Products
Pf4j
  • Pf4j
Pf4j Project
  • Pf4j
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70952.

URL Resource
https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705 cve-icon cve-icon
https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14 cve-icon cve-icon
https://github.com/pf4j/pf4j/issues/618 cve-icon cve-icon
https://github.com/pf4j/pf4j/issues/623 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact