SB2026052672 - SUSE update for plexus-utils




Published: May 26, 2026

Security Bulletin ID: SB2026052672
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2025-67030)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to write arbitrary files.

The vulnerability exists due to path traversal in the extractFile function when extracting archive entries with traversal sequences or absolute paths. A remote attacker can supply a specially crafted archive to write arbitrary files.

If a written file is later used as an executable or configuration file, this may lead to code execution in the context of the current working user.
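
The containment check that prevents this class of bug when extracting archive entries, as an added example (not code from plexus-utils or from this bulletin). The class name `SafeEntryResolver`, the method `resolveEntry`, the destination directory and the entry names are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Added illustration; not plexus-utils code. Class and method names are hypothetical.
public class SafeEntryResolver {

    // Map an archive entry name to a path under destDir, or throw if it would land outside.
    static Path resolveEntry(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target;
        try {
            // resolve() returns the entry itself when it is absolute, and normalize()
            // collapses "..", so both cases reach the containment check below.
            target = base.resolve(entryName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("Invalid entry name: " + entryName, e);
        }
        // Path.startsWith compares whole name elements, so a sibling such as
        // "/srv/unpack-other" does not pass as being inside "/srv/unpack".
        if (!target.startsWith(base)) {
            throw new IOException("Entry escapes extraction directory: " + entryName);
        }
        // Not covered here: symlinks already present under destDir. Check
        // target.getParent().toRealPath() against base.toRealPath() before writing.
        return target;
    }

    public static void main(String[] args) {
        Path dest = Paths.get("unpack"); // constructed destination directory
        // Constructed entry names: two benign, three that must be rejected.
        List<String> names = List.of("lib/app.jar", "docs/../README.txt",
                "../outside.txt", "docs/../../outside.txt", "/abs/outside.txt");
        for (String name : names) {
            try {
                System.out.println("OK       " + name + " -> " + resolveEntry(dest, name));
            } catch (IOException e) {
                System.out.println("REJECTED " + e.getMessage());
            }
        }
    }
}
```

The same check applies to any code that unpacks archives from untrusted sources, and it is a useful regression test after installing the update.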


Remediation

Install the update from the vendor's website.