CVE-2025-0851
Published: 29 January 2025
Summary
CVE-2025-0851 is a critical-severity Absolute Path Traversal (CWE-36) vulnerability in an Amazon product (the vendor is inferred from the references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 2.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A path traversal vulnerability tracked as CVE-2025-0851 affects ZipUtils.unzip and TarUtils.untar within the Deep Java Library (DJL) on all platforms. The flaw, assigned CWE-36 and CWE-73, permits an attacker to supply crafted archive files that cause writes to arbitrary filesystem locations outside the intended extraction directory.
An unauthenticated remote attacker can exploit the issue over the network by supplying a malicious ZIP or TAR archive to any DJL-based application that invokes the affected utility methods. Successful exploitation yields high impact on confidentiality, integrity, and availability through arbitrary file writes that may overwrite configuration, binaries, or other sensitive resources.
The referenced AWS security bulletin AWS-2025-003, DJL release v0.31.1, and GitHub Security Advisory GHSA-jcrp-x7w3-ffmg describe the issue and indicate that the flaw is resolved in DJL version 0.31.1. The EPSS score remains flat at 0.4369 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-0175
Vulnerability details
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
- CWE(s): CWE-36 (Absolute Path Traversal), CWE-73 (External Control of File Name or Path)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file write via malicious archive directly enables ingress of attacker-controlled files (T1105); remote unauthenticated exploitation of a library in an application maps to public-facing app exploitation (T1190).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the path traversal vulnerability by requiring timely patching of DJL to version v0.31.1 as specified in the security advisory.
- SI-10 (Information Input Validation): Enforces validation of file paths in ZIP and TAR archives processed by DJL's extraction utilities to block traversal to arbitrary filesystem locations.
- Imposes restrictions on the structure and content of inputs to archive extraction functions, preventing path traversal sequences like '../' from being processed.
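The flaw described in the deeper analysis and the SI-10 input-validation control above come down to one missing check: every archive entry's resolved path must be confirmed to lie inside the destination directory before anything is written. The following is an added example, not DJL's own code and not the patch DJL shipped in v0.31.1; the class `SafeUnzip`, the `resolveEntry` helper and the constructed entry names in `main` are all assumptions chosen for illustration. It uses only the JDK's `java.util.zip` and `java.nio.file` APIs; the same containment check applies unchanged to TAR entries.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

/**
 * Added example, not DJL's own code: a ZIP extractor that verifies each
 * entry's resolved path stays inside the destination directory before
 * writing. A vulnerable extractor calls dest.resolve(entry.getName()) and
 * writes without inspecting the result, which is the CWE-36/CWE-73 pattern.
 */
public final class SafeUnzip {

    /** Thrown when an archive entry would escape the destination directory. */
    public static final class ArchiveTraversalException extends IOException {
        public ArchiveTraversalException(String entryName) {
            super("archive entry escapes destination directory: " + entryName);
        }
    }

    /**
     * Resolves an entry name against the destination and rejects it unless the
     * normalized absolute result is still inside that directory.
     */
    static Path resolveEntry(Path dest, String entryName) throws ArchiveTraversalException {
        Path base = dest.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize();
        // startsWith compares whole path components, so a base of "/tmp/out"
        // does not accept "/tmp/outside/x". Absolute entry names (CWE-36) are
        // rejected too, because resolve() returns them unchanged, discarding base.
        if (!target.startsWith(base)) {
            throw new ArchiveTraversalException(entryName);
        }
        return target;
    }

    /** Extracts the archive read from {@code in} into {@code dest}. */
    public static void unzip(InputStream in, Path dest) throws IOException {
        Files.createDirectories(dest);
        try (ZipInputStream zip = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zip.getNextEntry()) != null) {
                // Validate before touching the filesystem; a single bad entry
                // aborts the whole extraction rather than leaving partial output.
                Path target = resolveEntry(dest, entry.getName());
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zip, target, StandardCopyOption.REPLACE_EXISTING);
                }
                zip.closeEntry();
            }
        }
    }

    /** Runs the check against constructed entry names; no real archive is needed. */
    public static void main(String[] args) throws IOException {
        Path dest = Files.createTempDirectory("safe-unzip-demo");
        // Constructed entry names (not from any real archive): the first is
        // benign, the other two are the shapes a crafted archive uses to reach
        // outside the extraction directory.
        String[] names = { "model/weights.bin", "../../escaped.txt", "/tmp/escaped.txt" };
        for (String name : names) {
            try {
                System.out.println("accept " + name + " -> " + resolveEntry(dest, name));
            } catch (ArchiveTraversalException e) {
                System.out.println("reject " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running `main` prints one `accept` line for `model/weights.bin` and `reject` lines for the two traversal shapes. The design point is that the check runs on the normalized absolute path, not on the raw entry string: filtering for the literal substring `../` misses encoded or mixed-separator variants, whereas comparing the resolved result against the base directory rejects every path that lands outside it regardless of how it was spelled.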