SB2026070675 - Red Hat Enterprise Linux 9 update for the maven:3.9 module



SB2026070675 - Red Hat Enterprise Linux 9 update for the maven:3.9 module

Published: July 6, 2026

Security Bulletin ID SB2026070675
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Path traversal (CVE-ID: CVE-2025-67030)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to write arbitrary files.

The vulnerability exists due to path traversal in the extractFile function when extracting archive entries with traversal sequences or absolute paths. A remote attacker can supply a specially crafted archive to write arbitrary files.

If a written file is later used as an executable or configuration file, this may lead to code execution in the context of the current working user.


Remediation

Install update from vendor's website.