CVE-2025-46822 Scanner

CVE-2025-46822 Scanner - Arbitrary File Read vulnerability in Java-springboot-codebase

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Java-springboot-codebase is a publicly available repository of code samples, applications, and projects built on the Java Spring Boot framework. It is maintained by the open-source community and is used mainly for learning and prototyping. The codebase ships a number of RESTful API endpoints and utilities meant to help developers stand up backend services quickly, and it is commonly deployed as-is or copied piecemeal into other Spring Boot applications. The application is served over HTTP and includes file-management endpoints, some of which do not validate the file path they receive. Deployed without modification and reachable from the network, those endpoints expose the vulnerability described below.

CVE-2025-46822 is an Arbitrary File Read flaw that lets unauthenticated users read files on the server. It stems from an insecure implementation of the `/api/v1/files/(unknown)` endpoint, which neither rejects absolute paths nor confines the resolved path to an intended directory, so path traversal is not prevented. An attacker can exploit it simply by supplying an absolute path such as `/etc/passwd`, and the endpoint returns the contents of that file. The flaw is present in all versions of the repository before commit `c835c6f7799eacada4c0fc77e0816f250af01ad2`. Because no authentication is required, the risk is significant wherever the application is exposed to the public internet.

The technical flaw is insufficient input sanitization in the file-reading logic: the `/api/v1/files/` endpoint maps the user-supplied path onto the file system directly, without normalizing it or restricting it to a base directory. The scanner tests this behavior by requesting `/etc/passwd`, the standard Linux account database that is present on virtually every Linux host and therefore a reliable probe for file-read bugs. A finding requires both conditions at once: a `200 OK` status and a body matching the regex `root:.*:0:0:`, which is the root user's entry (UID 0, GID 0) in that file. Requiring the content match rules out a `200` that merely carries an error page or an empty listing. A match confirms that an arbitrary path is resolved and read back, and that access to sensitive files outside the application's own directory is not blocked. The check is read-only and does not modify the target.
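The two things the paragraphs above describe, modelled as an added example (not code from the scanner page or from the Java-springboot-codebase project): first, the path-confinement check that the endpoint lacks, shown as the vulnerable join beside a hardened one; second, the scanner's success condition (a `200 OK` plus a `root:.*:0:0:` line) evaluated over a constructed response. The base directory `/srv/app/uploads`, the function names, and the sample response bodies are assumptions made for illustration; the page does not specify how the path is passed to the endpoint, so the detection part starts from the HTTP response rather than building the request.

```python
"""Added example: the missing path-confinement check, and the scanner's
detection predicate for CVE-2025-46822. Not part of the original page.
BASE_DIR and the sample bodies are assumptions for illustration."""
import os
import re
from typing import Optional

# Hypothetical storage root the file endpoint is meant to serve from (assumed).
BASE_DIR = "/srv/app/uploads"


def vulnerable_resolve(user_path: str) -> str:
    """Mirrors the flaw the page describes: the user-supplied value is handed
    to the filesystem as-is. os.path.join discards BASE_DIR whenever the second
    argument is absolute, so "/etc/passwd" resolves straight to /etc/passwd.
    (java.nio's Path.resolve behaves the same way for an absolute argument.)"""
    return os.path.join(BASE_DIR, user_path)


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened form: reject absolute input, normalize the joined path, and
    refuse anything whose canonical form is not inside BASE_DIR.
    Returns the confined absolute path, or None when the request escapes."""
    if os.path.isabs(user_path):
        return None
    candidate = os.path.normpath(os.path.join(BASE_DIR, user_path))
    # commonpath (not startswith) so "/srv/app/uploads2" cannot pass as a prefix.
    if os.path.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        return None
    return candidate


# The content match the page states the scanner uses: root's passwd entry.
PASSWD_ROOT_LINE = re.compile(r"root:.*:0:0:")


def is_vulnerable(status: int, body: str) -> bool:
    """Scanner success condition as described on the page: both a 200 OK
    and a passwd-style root line must be present, so an HTTP 200 that
    carries an error page is not reported."""
    return status == 200 and PASSWD_ROOT_LINE.search(body) is not None


# Constructed sample responses (not captured from any real host).
LEAKED_BODY = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)
ERROR_BODY = '{"status":404,"error":"Not Found","path":"/api/v1/files/"}'


if __name__ == "__main__":
    for p in ("/etc/passwd", "../../etc/passwd", "reports/q1.txt"):
        print(f"{p!r:22} vulnerable -> {vulnerable_resolve(p)!r:40} "
              f"safe -> {safe_resolve(p)!r}")
    print("leaked body flagged:", is_vulnerable(200, LEAKED_BODY))
    print("error body flagged: ", is_vulnerable(200, ERROR_BODY))
```

`safe_resolve` normalizes before comparing so that `../` sequences that re-enter the base directory are allowed and those that leave it are not; a fix that only strips `../` from the raw string still lets an absolute path through, which is exactly the case the scanner probes.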

If exploited, this vulnerability lets a remote attacker read sensitive configuration files, credential and password files, environment variables, and application source code. That access feeds further attacks: privilege escalation, lateral movement, or reverse engineering of the application's logic. Exposed database or service credentials can lead to full system compromise or direct database access. Organizations running this codebase without hardening the file endpoints are particularly exposed to data breaches and intrusion, and pulling unvetted third-party code into a continuous deployment pipeline makes that exposure recur with every release.
