Plexus-Utils: Directory Traversal Risk in Windows
Summary
Plexus-Utils, a library used by some software, has a directory traversal vulnerability (CVE-2025-67030) in the `extractFile` method of `org.codehaus.plexus.util.Expand` that could allow an attacker to access files they should not be able to reach. This update fixes the problem, and we recommend updating to version 4.0.2 to stay secure. The update also includes other bug fixes and dependency updates.
What to do
- Update plexus-utils to version 4.0.2-150200.3.14.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Development Tools 15 SP7 | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server 15 SP5-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
| openSUSE:Leap 15.6 | – | plexus-utils | < 4.0.2-150200.3.14.1 (Fix: upgrade to 4.0.2-150200.3.14.1) |
Original title
Security update for plexus-utils
Original description
This update for plexus-utils fixes the following issue:
Security fixes:
- CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).
Update to version 4.0.2:
* Bug Fixes
+ Specify /D for cmd.exe to bypass the Command Processor Autorun folder
* Dependency updates
+ Bump org.codehaus.plexus:plexus from 17 to 18
+ Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1
- https://www.suse.com/support/update/announcement/2026/suse-su-20261396-1/ Vendor Advisory
- https://bugzilla.suse.com/1260588 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-67030 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026