Path Traversal Vulnerability in Java Spring Boot Codebase by OsamaTaher
CVE-2025-46822

7.7HIGH

Key Information:

Vendor: Osamataher
Status: Java-springboot-codebase
Vendor: CVE Published:; 21 May 2025

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 14%

What is CVE-2025-46822?

A vulnerability in the Java Spring Boot codebase by OsamaTaher prior to a specific commit allows for absolute path traversal. This flaw enables unauthorized users to access sensitive internal files, posing a significant security threat. A patch was introduced in commit c835c6f7799eacada4c0fc77e0816f250af01ad2 to mitigate this issue. Users of the affected codebase should update to ensure their applications are secure.

Affected Version(s)

Java-springboot-codebase < c835c6f7799eacada4c0fc77e0816f250af01ad2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

-CVE-2025-46822-
Created by d3sca

CVE-2025-46822
Created by d3sca

References

https://github.com/OsamaTaher/Java-springboot-codebase/se...

x_refsource_CONFIRM

https://github.com/OsamaTaher/Java-springboot-codebase/co...

x_refsource_MISC

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 23, 2025
👾
Exploit known to exist
May 23, 2025
Vulnerability published
May 21, 2025
Vulnerability Reserved
Apr 30, 2025

Osamataher

Badges

What is CVE-2025-46822?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V4

Timeline