CVE-2025-70952

Published: Mar 25, 2026

Modified: Mar 28, 2026

PUBLISHED

Description

pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/pf4j/pf4j/issues/618

https://github.com/pf4j/pf4j/issues/623

https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14

https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70952

Description

Affected Products

References