CVE-2025-46822 Scanner - Arbitrary File Read vulnerability in Java-springboot-codebase
Short Info
- Level:
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 10 days
- Scan only one: Domain, Subdomain, IPv4
- Toolbox: -
Java-springboot-codebase is a publicly available repository that provides code samples, applications, and projects built using the Java Spring Boot framework. It is maintained by the open-source community and frequently used by developers for educational and prototyping purposes. This codebase includes various RESTful API endpoints and utilities intended to help developers quickly build backend services. It is commonly deployed as-is or partially integrated into other Spring Boot applications. The system runs over HTTP and includes file management endpoints, some of which lack adequate validation. When deployed without modifications, misconfigured endpoints may expose critical vulnerabilities.
The vulnerability CVE-2025-46822 is an Arbitrary File Read flaw that allows unauthorized users to access sensitive files on the server. It is caused by an insecure implementation in the `/api/v1/files/{filename}` endpoint, which does not properly restrict path traversal attempts. Attackers can exploit this by specifying absolute paths such as `/etc/passwd`, leading to unauthorized exposure of internal server files. This vulnerability is present in all versions prior to commit `c835c6f7799eacada4c0fc77e0816f250af01ad2`. Since no authentication is required to exploit this flaw, it poses a significant risk when the application is exposed to the public.
The technical flaw exists due to insufficient input sanitization in the file reading logic. The endpoint `/api/v1/files/` directly maps user-supplied paths to the file system without adequate normalization or restriction. The scanner tests this behavior by requesting the `/etc/passwd` file, a common Linux system file used to detect file read vulnerabilities. A successful scan identifies both a `200 OK` status and a regex match of Unix password file contents such as `root:.*:0:0:`. This confirms that path traversal is possible and that sensitive file access is not blocked.
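The containment check that the paragraph above says is missing can be sketched as follows. This is an added example, not code from the Java-springboot-codebase repository or its fix commit; the class name `SafeFileResolver`, both method names, and the temporary upload directory are assumptions made for illustration. It shows why an absolute path defeats a plain `resolve()` on Unix-like systems and how normalising and then checking the prefix rejects it.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeFileResolver {
    // Naive mapping (hypothetical): Path.resolve() returns its argument
    // unchanged when that argument is absolute, so "/etc/passwd" ignores base.
    static Path resolveNaive(Path base, String filename) {
        return base.resolve(filename);
    }

    // Hardened mapping (hypothetical): normalise first, then require the
    // result to stay strictly below the base directory.
    static Path resolveContained(Path base, String filename) {
        Path root = base.toAbsolutePath().normalize();
        Path candidate = root.resolve(filename).normalize();
        // Path.startsWith compares whole name elements, not string prefixes,
        // so "/srv/uploads-evil" does not pass for root "/srv/uploads".
        if (!candidate.startsWith(root) || candidate.equals(root)) {
            throw new SecurityException("path escapes base directory");
        }
        // Symlinks are not resolved here; call toRealPath() on existing
        // files and re-check if the directory may contain links.
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample directory and inputs, so the demo runs offline.
        Path base = Files.createTempDirectory("uploads");
        Files.writeString(base.resolve("report.txt"), "ok");
        String[] inputs = {
            "report.txt", "/etc/passwd", "../../etc/passwd", "sub/../report.txt"
        };
        for (String in : inputs) {
            System.out.println("naive     " + in + " -> " + resolveNaive(base, in));
            try {
                System.out.println("contained " + in + " -> " + resolveContained(base, in));
            } catch (SecurityException e) {
                System.out.println("contained " + in + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Only `report.txt` and `sub/../report.txt` pass the contained resolver; the absolute and `..` inputs are rejected before any file is opened.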
If successfully exploited, this vulnerability can allow remote attackers to read sensitive configuration files, passwords, environment variables, or application source code. Such access can aid in further attacks, including privilege escalation, lateral movement, or reverse engineering of application logic. The exposure of credential files could lead to full system compromise or database access. Organizations using this codebase without appropriate hardening are particularly vulnerable to data breaches and system infiltration. Continuous deployment of unvetted third-party code increases these risks significantly.
REFERENCES
- https://github.com/OsamaTaher/Java-springboot-codebase
- https://nvd.nist.gov/vuln/detail/CVE-2025-46822
- https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637
- https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2
- https://github.com/PuddinCat/GithubRepoSpider