CVE-2025-1686

Name
CVE-2025-1686
Description
All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high-privileged attacker (one who is allowed to author templates) can read sensitive local files by crafting malicious notification templates that use this tag to include files such as /etc/passwd or /proc/1/environ.

Workaround

This vulnerability can be mitigated by disabling the include tag in Pebble Templates (the include token parser is removed, so any template that uses the tag fails to compile):

    new PebbleEngine.Builder()
        .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
            .disallowedTokenParserTags(List.of("include"))
            .build())
        .build();
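The following is an added example written for this page, not code from the Pebble project or the advisory. It puts the advisory's workaround next to an engine configured without it, so the difference is visible: a constructed "notification template" containing {% include "/etc/passwd" %} renders against a filesystem-backed loader, while the hardened engine rejects the same template at compile time. The class name, the two template strings and the model values are constructed for the demonstration; the import paths are the io.pebbletemplates 3.x ones as I recall them (DisallowExtensionCustomizerBuilder under extension.core) and should be checked against the Pebble version in use.

```java
import io.pebbletemplates.pebble.PebbleEngine;
import io.pebbletemplates.pebble.error.PebbleException;
import io.pebbletemplates.pebble.extension.core.DisallowExtensionCustomizerBuilder;
import io.pebbletemplates.pebble.loader.FileLoader;
import io.pebbletemplates.pebble.template.PebbleTemplate;

import java.io.IOException;
import java.io.StringWriter;
import java.util.List;
import java.util.Map;

/**
 * Hypothetical example for this advisory page (not Pebble project code):
 * an engine that lets a template author read local files through the include
 * tag, beside the same engine with the advisory's workaround applied.
 */
public class NotificationTemplateHardening {

    // Constructed sample: a "notification template" submitted by a user who is
    // allowed to author templates. With a filesystem-backed loader the include
    // tag resolves its argument as a path, so this pulls /etc/passwd into the output.
    static final String MALICIOUS_TEMPLATE =
            "Hello {{ user }},\nyour report is attached.\n{% include \"/etc/passwd\" %}\n";

    // Constructed sample: what a legitimate author would submit.
    static final String BENIGN_TEMPLATE = "Hello {{ user }},\nyour report is attached.\n";

    /** Engine as commonly configured: includes are resolved from the local filesystem. */
    static PebbleEngine unhardenedEngine() {
        return new PebbleEngine.Builder()
                .loader(new FileLoader())
                .build();
    }

    /**
     * Workaround from the advisory: unregister the token parser for "include",
     * so the tag is no longer recognised and any template using it fails to compile.
     */
    static PebbleEngine hardenedEngine() {
        return new PebbleEngine.Builder()
                .loader(new FileLoader())
                .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder()
                        .disallowedTokenParserTags(List.of("include"))
                        .build())
                .build();
    }

    /**
     * Compiles template text supplied at runtime and renders it with the given model.
     * getLiteralTemplate() compiles the string itself; an include inside it is still
     * resolved through the engine's configured loader, which is where the file read happens.
     */
    static String render(PebbleEngine engine, String templateSource, Map<String, Object> model)
            throws IOException {
        PebbleTemplate template = engine.getLiteralTemplate(templateSource);
        StringWriter out = new StringWriter();
        template.evaluate(out, model);
        return out.toString();
    }

    public static void main(String[] args) throws IOException {
        Map<String, Object> model = Map.of("user", "alice");

        // 1. Unhardened engine: the malicious template renders, and the output carries
        //    the contents of /etc/passwd when that file exists and is readable.
        try {
            String leaked = render(unhardenedEngine(), MALICIOUS_TEMPLATE, model);
            System.out.println("unhardened output contains 'root:' -> " + leaked.contains("root:"));
        } catch (PebbleException e) {
            System.out.println("unhardened engine failed to include the file: " + e.getMessage());
        }

        // 2. Hardened engine: the benign template still renders normally.
        System.out.print(render(hardenedEngine(), BENIGN_TEMPLATE, model));

        // 3. The malicious template is rejected while parsing, before any path is opened.
        try {
            render(hardenedEngine(), MALICIOUS_TEMPLATE, model);
            System.out.println("UNEXPECTED: include tag was accepted");
        } catch (PebbleException e) {
            System.out.println("hardened engine rejected the template: " + e.getMessage());
        }
    }
}
```

Two things worth keeping in mind when applying the workaround. Removing the token parser is a global change: every template rendered by that engine loses the include tag, so an application that relies on includes for its own trusted templates should use a separate, hardened engine instance for templates authored by users. And the file read itself happens in the loader, so which names an include can reach is decided by the loader the engine is built with; an unrestricted FileLoader is the worst case, and restricting the loader to the application's own template location is the complementary control to disabling the tag.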
NVD Severity
unknown

References

Source          URI
report@snyk.io  https://github.com/PebbleTemplates/pebble/issues/680
report@snyk.io  https://github.com/PebbleTemplates/pebble/issues/688
report@snyk.io  https://pebbletemplates.io/wiki/tag/include
report@snyk.io  https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594

Match rules

CPE URI                                            Source package             Min version  Max version
(none)                                             io.pebbletemplates:pebble  >= 0         < *
cpe:2.3:a:pebbletemplates:pebble:*:*:*:*:*:*:*:*   pebble                     == None      == None

The second rule matches the Alpine source package by name only. The io.pebbletemplates:pebble artifact this CVE describes is the Java template engine, published under those Maven coordinates as 3.x releases; the Alpine pebble aport listed below at 2.6.0 to 2.8.0 builds the letsencrypt/pebble ACME test server, a Go project (confirm via the aport's APKBUILD). The "possibly vulnerable" rows that follow are therefore a name-collision match rather than a confirmed affected package.

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
pebble edge-community 2.8.0-r5 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.8.0-r4 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.8.0-r3 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.8.0-r2 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.8.0-r1 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.8.0-r0 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.7.0-r4 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.7.0-r3 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.7.0-r2 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.7.0-r1 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.7.0-r0 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.6.0-r2 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble edge-community 2.6.0-r1 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble 3.22-community 2.7.0-r8 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble 3.22-community 2.7.0-r7 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble 3.22-community 2.7.0-r6 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble 3.22-community 2.7.0-r5 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable
pebble 3.22-community 2.6.0-r6 Duncan Bellamy <dunk@denkimushi.com> possibly vulnerable