CVE-2025-48977
Published: 28 May 2026
Summary
CVE-2025-48977 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Apache Ignite. Its CVSS base score is 8.5 (High).
Operationally, ranked at the 40.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-209980
Vulnerability details
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through…
more
2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.