CVE-2025-48977
Analyzed Analyzed - Analysis Complete
Relative Path Traversal in Apache Ignite REST API

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: Apache Software Foundation

Description
Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version 2.18.0, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-29
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2025-48977
EUVD
EUVD-2025-209980
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache ignite From 2.0.0 (inc) to 2.18.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Relative Path Traversal issue in the Apache Ignite REST API. Authenticated users of the REST API can exploit the "cmd=log" command by crafting a specific log path that allows them to read any file on the server.

It affects Apache Ignite versions from 2.0.0 through 2.17.0, and the issue is fixed in version 2.18.0.

Impact Analysis

This vulnerability can allow an authenticated REST API user to read arbitrary files on the server. This could lead to unauthorized disclosure of sensitive information stored on the server, potentially exposing configuration files, credentials, or other critical data.

Mitigation Strategies

Users are recommended to upgrade Apache Ignite to version 2.18.0, which fixes the Relative Path Traversal vulnerability in the REST API.

Detection Guidance

Detection of the CVE-2025-48977 vulnerability involves checking for attempts to exploit the relative path traversal flaw in the Apache Ignite REST API. Specifically, monitoring for REST API requests using the "cmd=log" command with crafted log path parameters containing traversal patterns like "../" or "../../" can indicate exploitation attempts.

You can detect such attempts by inspecting web server or application logs for suspicious REST API calls that include these traversal sequences.

Example commands to search logs for potential exploitation attempts include:

  • Using grep to find traversal patterns in logs: grep -E 'cmd=log.*(\.\./|\.\.\/\.\./)' /path/to/ignite/logs/access.log
  • Using grep to find REST API calls with cmd=log: grep 'cmd=log' /path/to/ignite/logs/access.log

Additionally, monitoring network traffic for HTTP requests to the Ignite REST API endpoint containing these patterns can help detect exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart