Relative Path Traversal Vulnerability in Apache Ignite by Apache
CVE-2025-48977

8.5HIGH

Key Information:

Vendor: Apache
Status: Apache Ignite
Vendor: CVE Published:; 28 May 2026

What is CVE-2025-48977?

A relative path traversal vulnerability exists in the Apache Ignite REST API, allowing authenticated users to access any file on the server by using a specially crafted command with 'cmd=log'. This flaw impacts all versions of Apache Ignite from 2.0.0 to 2.17.0, enabling potential exposure of sensitive information. To mitigate this risk, users are strongly advised to upgrade to version 2.18.0, which addresses this security concern.

Affected Version(s)

Apache Ignite 2.0.0 <= 2.17.0

References

https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpx...

vendor-advisory

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 29, 2025

CVE-2025-48977 Data

JSON