vulnerability
Red Hat JBossEAP: External Control of File Name or Path (CVE-2025-1686)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | 2025-02-27 | 2025-02-28 | 2025-03-03 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
2025-02-27
Added
2025-02-28
Modified
2025-03-03
Description
All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ.
Workaround
This vulnerability can be mitigated by disabling the include macro in Pebble Templates:
java
new PebbleEngine.Builder()
.registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
.disallowedTokenParserTags(List.of("include"))
.build())
.build();. A flaw was found in Pebble Templates. This vulnerability allows high-privileged attackers to access sensitive local files via the include tag, enabling arbitrary file inclusion.
Workaround
This vulnerability can be mitigated by disabling the include macro in Pebble Templates:
java
new PebbleEngine.Builder()
.registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
.disallowedTokenParserTags(List.of("include"))
.build())
.build();. A flaw was found in Pebble Templates. This vulnerability allows high-privileged attackers to access sensitive local files via the include tag, enabling arbitrary file inclusion.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CVE-2025-1686
- https://attackerkb.com/topics/CVE-2025-1686
- URL-https://access.redhat.com/security/cve/CVE-2025-1686
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2348665
- URL-https://github.com/PebbleTemplates/pebble/issues/680
- URL-https://github.com/PebbleTemplates/pebble/issues/688
- URL-https://pebbletemplates.io/wiki/tag/include
- URL-https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.