Severity by source
Network-reachable via repository fetch but AC:H (attacker must control a trusted repo); PR:L for required repo write access; UI:R for mandatory developer-initiated build; S:C as traversal escapes buildRoot; I:H for arbitrary file overwrite; A:L for potential build disruption.
Lifecycle Timeline
2Description PRE-NVD
Articles & Coverage 1
AnalysisAI
Path traversal in Apache Ivy's PackagerResolver (versions 2.0.0 through 2.5.3) allows an attacker with write access to a packager repository to overwrite arbitrary files outside the configured buildRoot directory by embedding '../' sequences in module coordinates such as organisation, name, or revision. The overwrite occurs during the Ant-script-driven repackaging phase that PackagerResolver triggers on artifact download. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The Apache security team rated this vulnerability moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with write access to a packager repository (e.g., a compromised contributor account or a malicious repository added to the Ivy resolver chain) adds a module with an organisation coordinate such as 'com/example/../../../etc' and a crafted packager.xml. When a developer or CI pipeline triggers an Ivy build that resolves this module, PackagerResolver constructs a path outside buildRoot and the Ant repackaging script overwrites a target file - for example, a shell script or SSH authorized_keys file - with attacker-controlled content. … |
| Remediation | Upgrade to Apache Ivy 2.6.0, released July 14, 2026, available for download at https://ant.apache.org/ivy/download.cgi. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Apache Ivy versions 2.0.0-2.5.3 and verify access controls on packager repositories restrict write permissions to authorized personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today