CVE-2025-1686

Name
CVE-2025-1686
Description
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A highly privileged attacker can access sensitive local files by crafting malicious notification templates that use this tag to include files such as /etc/passwd or /proc/1/environ.

Workaround
This vulnerability can be mitigated by disabling the include tag in Pebble Templates:

```java
import java.util.List;
// Package names assume the io.pebbletemplates.pebble layout of Pebble 3.2.0 and later.
import io.pebbletemplates.pebble.PebbleEngine;
import io.pebbletemplates.pebble.extension.DisallowExtensionCustomizerBuilder;

// Engine whose parser rejects the {% include %} tag outright.
PebbleEngine engine = new PebbleEngine.Builder()
    .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
        .disallowedTokenParserTags(List.of("include"))
        .build())
    .build();
```
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
report@snyk.io https://github.com/PebbleTemplates/pebble/issues/680
report@snyk.io https://github.com/PebbleTemplates/pebble/issues/688
report@snyk.io https://pebbletemplates.io/wiki/tag/include
report@snyk.io https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594
af854a3a-2127-422b-91ae-364da2661108 https://github.com/PebbleTemplates/pebble/pull/715
report@snyk.io https://github.com/PebbleTemplates/pebble/commit/b3451c8f305a1a248fbcc2363fd307d0baaee329

Match rules

CPE URI | Source package | Min version | Max version
 | io.pebbletemplates:pebble | >= 0 | < *
cpe:2.3:a:pebbletemplates:pebble:*:*:*:*:*:*:*:* | pebble | == None | == None

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
pebble | edge-community | 2.8.0-r9 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r8 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r7 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r6 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r5 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r4 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r3 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r2 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r1 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.8.0-r0 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.7.0-r4 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.7.0-r3 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.7.0-r2 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.7.0-r1 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.7.0-r0 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.6.0-r2 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | edge-community | 2.6.0-r1 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.23-community | 2.8.0-r9 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.23-community | 2.8.0-r8 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.23-community | 2.8.0-r7 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.23-community | 2.8.0-r6 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.23-community | 2.8.0-r5 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.22-community | 2.7.0-r8 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.22-community | 2.7.0-r7 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.22-community | 2.7.0-r6 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.22-community | 2.7.0-r5 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable
pebble | 3.22-community | 2.6.0-r6 | Duncan Bellamy <dunk@denkimushi.com> | possibly vulnerable