CVE-2014-3625

CVE Database · CVE-2014-3625

CVE-2014-3625

· N/AModified

CVSS v3.1

N/A

EPSS

10.05%

Published

Nov 20, 2014

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Weaknesses (CWE)

CWE-22

Affected Products (5)

pivotal_software · spring_frameworkvulnerable

pivotal_software · spring_framework (up to 3.2.12)vulnerable

pivotal_software · spring_framework (up to 4.0.8)vulnerable

pivotal_software · spring_framework (up to 4.1.2)vulnerable

vmware · spring_frameworkvulnerable

References (10)

http://rhn.redhat.com/errata/RHSA-2015-0236.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0720.html

Third Party Advisory

http://www.pivotal.io/security/cve-2014-3625

Vendor Advisory

https://jira.spring.io/browse/SPR-12354

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html

http://rhn.redhat.com/errata/RHSA-2015-0236.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0720.html

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs