{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:51:04.145","vulnerabilities":[{"cve":{"id":"CVE-2025-70952","sourceIdentifier":"cve@mitre.org","published":"2026-03-25T19:16:28.260","lastModified":"2026-04-01T13:44:35.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation."},{"lang":"es","value":"pf4j anterior a 20c2f80 tiene una vulnerabilidad de salto de ruta en la función extract() de Unzip.java, donde el manejo inadecuado de los nombres de las entradas zip puede permitir ataques de salto de directorio o Zip Slip, debido a la falta de una normalización y validación de ruta adecuadas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pf4j_project:pf4j:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14.1","matchCriteriaId":"7857D4EE-9752-4195-80FF-87D2DE335A67"}]}]}],"references":[{"url":"https://gist.github.com/weaver4VD/410f23adb24ef5f5077f021f4393e705","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/pf4j/pf4j/issues/618","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/pf4j/pf4j/issues/623","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}