CVE-2025-11919
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance (/tmp/UserTemporaryFiles/). The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared /tmp/ space can preemptively create or replace .jar files or directories (via the -init file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., commons-io) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wolfram Research Inc. | Cloud | 14.2 | affected |
Weaknesses
- CWE-552 Files or Directories Accessible to External Parties
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.