CVE 8.5 HIGH

Apache Ignite: REST HTTP arbitrary file read vulnerability_CVE-2025-48977

May 28, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Description

Relative Path Traversal vulnerability in Apache Ignite REST API.

Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way.
This issue affects Apache Ignite: from 2.0.0 through 2.17.0.

Users are recommended to upgrade to version 2.18.0, which fixes the issue.

AI Analysis

Relative Path Traversal vulnerability in Apache Ignite REST API allowing authenticated users to read arbitrary files

Basic Information

ID CVE-2025-48977

Source apache

Published May 28, 2026 at 08:58

Affected Product

Vendor Apache Software Foundation

Product Apache Ignite

Version 2.0.0

Affected Versions Apache Software Foundation Apache Ignite 2.0.0

CWE Classification

CWE-23

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Apache Software Foundation

Product Apache Ignite

Version 2.0.0-2.17.0

References

lists.apache.org /thread/hgct6918sowd8l58yjohryhpxx81t4n1

{
    "lastseen": "",
    "description": "Relative Path Traversal vulnerability in Apache Ignite REST API.\n\nAuthenticated REST API users can read any file on the server with \"cmd=log\" command and a log path crafted in a certain way.\nThis issue affects Apache Ignite: from 2.0.0 through 2.17.0.\n\nUsers are recommended to upgrade to version 2.18.0, which fixes the issue.",
    "published": "2026-05-28T08:58:06.822Z",
    "modified": "2026-05-28T08:58:06.822Z",
    "type": "cve",
    "title": "Apache Ignite: REST HTTP arbitrary file read vulnerability",
    "source": "apache",
    "references": "https://lists.apache.org/thread/hgct6918sowd8l58yjohryhpxx81t4n1",
    "id": "CVE-2025-48977",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Ignite 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Ignite",
    "version": "2.0.0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Relative Path Traversal vulnerability in Apache Ignite REST API allowing authenticated users to read arbitrary files",
    "ai_severity": "High",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache Ignite",
    "ai_version": "2.0.0-2.17.0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply