What is CVE-2014-3625?

CVE-2014-3625 is a vulnerability in Pivotal_software Spring_framework, classified under Path Traversal. Published 2014-11-20.

Is CVE-2014-3625 known to be exploited?

28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Pivotal_software Spring_framework

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.170 (95.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

RHSA-2015:0720 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
RHSA-2015:0236 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
[debian-lts-announce] 20190713 [SECURITY] [DLA 1853-1] libspring-java security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-3625?: CVE-2014-3625 is a vulnerability in Pivotal_software Spring_framework, classified under Path Traversal. Published 2014-11-20.
Is CVE-2014-3625 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.