CVE-2025-48977
EUVD-2025-20998028.05.2026, 10:16
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | ignite | 2.0.0 ≤ 𝑥 < 2.18.0 |
𝑥
= Vulnerable software versions