Synopsis
Important: plexus-utils security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for plexus-utils is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an application server which is like a J2EE application server, without all the baggage.
Security Fix(es):
- org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method (CVE-2025-67030)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
-
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
-
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
-
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
-
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
-
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
-
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64
Fixes
-
BZ - 2451409
- CVE-2025-67030 org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| x86_64 |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| s390x |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| ppc64le |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| aarch64 |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0
| SRPM |
| x86_64 |
|
plexus-utils-javadoc-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: 7dabbf314814cc692f066a619355b24b4ce5ee350ebfbca62ef6d183cd562bc2 |
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0
| SRPM |
| ppc64le |
|
plexus-utils-javadoc-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: 7dabbf314814cc692f066a619355b24b4ce5ee350ebfbca62ef6d183cd562bc2 |
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0
| SRPM |
| s390x |
|
plexus-utils-javadoc-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: 7dabbf314814cc692f066a619355b24b4ce5ee350ebfbca62ef6d183cd562bc2 |
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0
| SRPM |
| aarch64 |
|
plexus-utils-javadoc-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: 7dabbf314814cc692f066a619355b24b4ce5ee350ebfbca62ef6d183cd562bc2 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| aarch64 |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| s390x |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| ppc64le |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0
| SRPM |
|
plexus-utils-3.5.1-8.el10_0.1.src.rpm
|
SHA-256: f712c9e95e35699a97534e7b0a028d097009f31fc0df6af029c8e3a5993ac126 |
| x86_64 |
|
plexus-utils-3.5.1-8.el10_0.1.noarch.rpm
|
SHA-256: a3eeb8ed0331391031b0dd67706f50fa9a7acb2a29bcf58d330f693654dcba23 |