Plexus-utils update fixes directory traversal weakness
SUSE-SU-2026:1396-1
Summary
This update for plexus-utils fixes CVE-2025-67030, a directory traversal weakness in the `extractFile` method of `org.codehaus.plexus.util.Expand` that could allow an attacker to access and manipulate files on a system. Updating to the latest version (4.0.2) is recommended. No other changes are required: installing the update brings in the new version.
What to do
- Update plexus-utils to version 4.0.2-150200.3.14.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Development Tools 15 SP7 | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server 15 SP5-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
| openSUSE:Leap 15.6 | – | plexus-utils | < 4.0.2-150200.3.14.1 Fix: upgrade to 4.0.2-150200.3.14.1 |
Original title
Security update for plexus-utils
Original description
This update for plexus-utils fixes the following issue:
Security fixes:
- CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588).
Update to version 4.0.2:
* Bug Fixes
+ Specify /D for cmd.exe to bypass the Command Processor Autorun folder
* Dependency updates
+ Bump org.codehaus.plexus:plexus from 17 to 18
+ Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1
- https://www.suse.com/support/update/announcement/2026/suse-su-20261396-1/ Vendor Advisory
- https://bugzilla.suse.com/1260588 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2025-67030 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026