CVE-2025-48977
Awaiting Analysis
Relative Path Traversal in Apache Ignite REST API

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: Apache Software Foundation

Description
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.
Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-28
AI Q&A: 2026-05-28
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
apache | ignite | From 2.0.0 (inc) to 2.17.0 (inc)
apache | ignite | 2.18.0
CWE ID | Description
CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of the CVE-2025-48977 vulnerability involves checking for attempts to exploit the relative path traversal flaw in the Apache Ignite REST API. Specifically, monitoring for REST API requests using the "cmd=log" command with crafted log path parameters containing traversal patterns like "../" or "../../" can indicate exploitation attempts.

You can detect such attempts by inspecting web server or application logs for suspicious REST API calls that include these traversal sequences.

Example commands to search logs for potential exploitation attempts include:

  • Using grep to find cmd=log requests that contain traversal patterns: grep -E 'cmd=log.*\.\./' /path/to/ignite/logs/access.log
  • Using grep to find all REST API calls with cmd=log: grep 'cmd=log' /path/to/ignite/logs/access.log

Additionally, monitoring network traffic for HTTP requests to the Ignite REST API endpoint containing these patterns can help detect exploitation attempts.
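The log search described above can be made independent of parameter order and percent-encoding, both of which a plain grep for "../" misses. The following detector is an added example, not code from this page or from Apache Ignite. It assumes access-log lines that contain the quoted HTTP request line; the sample lines and the "path" parameter name in them are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Quoted request line inside a common/combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is exactly '..' (forward or back slashes)."""
    return '..' in re.split(r'[\\/]', decode_fully(value))

def suspicious_log_requests(lines):
    """Return (line_number, parameter, decoded_value) for every cmd=log
    request in which any parameter value contains a '..' path segment."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qsl percent-decodes once; decode_fully handles further layers.
        params = parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True)
        if ('cmd', 'log') not in params:
            continue
        for name, value in params:
            if has_traversal(value):
                hits.append((number, name, decode_fully(value)))
    return hits

# Constructed sample lines (not real traffic); "path" is an assumed parameter name.
SAMPLE = [
    '192.0.2.5 - - [28/May/2026:10:00:01 +0000] "GET /ignite?cmd=log&path=work/log/ignite.log&from=0&to=10 HTTP/1.1" 200 512',
    '192.0.2.9 - - [28/May/2026:10:00:07 +0000] "GET /ignite?cmd=log&path=../../secret.txt HTTP/1.1" 200 64',
    '192.0.2.9 - - [28/May/2026:10:00:09 +0000] "GET /ignite?path=..%2F..%2Fsecret.txt&cmd=log HTTP/1.1" 200 64',
    '192.0.2.5 - - [28/May/2026:10:00:12 +0000] "GET /ignite?cmd=version HTTP/1.1" 200 40',
    '192.0.2.9 - - [28/May/2026:10:00:15 +0000] "GET /ignite?cmd=log&path=%252e%252e%255csecret.txt HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for hit in suspicious_log_requests(SAMPLE):
        print(hit)
```

Every parameter of a cmd=log request is inspected, so the check does not depend on which parameter carries the log path.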


Can you explain this vulnerability to me?

This vulnerability is a Relative Path Traversal issue in the Apache Ignite REST API. Authenticated users of the REST API can exploit the "cmd=log" command by crafting a specific log path that allows them to read any file on the server.

It affects Apache Ignite versions from 2.0.0 through 2.17.0, and the issue is fixed in version 2.18.0.


How can this vulnerability impact me?

This vulnerability can allow an authenticated REST API user to read arbitrary files on the server. This could lead to unauthorized disclosure of sensitive information stored on the server, potentially exposing configuration files, credentials, or other critical data.


What immediate steps should I take to mitigate this vulnerability?

Users are recommended to upgrade Apache Ignite to version 2.18.0, which fixes the Relative Path Traversal vulnerability in the REST API.

