CVE-2025-1686

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

ll versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();

References

Link	Resource
https://github.com/PebbleTemplates/pebble/issues/680	Issue Tracking
https://github.com/PebbleTemplates/pebble/issues/688	Issue Tracking Vendor Advisory
https://pebbletemplates.io/wiki/tag/include	Product
https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594	Exploit Third Party Advisory
https://github.com/PebbleTemplates/pebble/pull/715
https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pebbletemplates:pebble:*:*:*:*:*:*:*:*

History

19 Dec 2025, 16:15

Type	Values Removed	Values Added
References		() https://github.com/PebbleTemplates/pebble/pull/715 -
References	~~() https://github.com/PebbleTemplates/pebble/issues/688 - Vendor Advisory, Issue Tracking~~	() https://github.com/PebbleTemplates/pebble/issues/688 - Issue Tracking, Vendor Advisory

07 Apr 2025, 18:29

Type	Values Removed	Values Added
First Time		Pebbletemplates Pebbletemplates pebble
Summary		(es) Todas las versiones del paquete io.pebbletemplates:pebble son vulnerables al control externo del nombre o la ruta de archivo a través de la etiqueta include. Un atacante con privilegios elevados puede acceder a archivos locales confidenciales mediante la manipulación de plantillas de notificación maliciosas que aprovechen esta etiqueta para incluir archivos como /etc/passwd o /proc/1/environ. Solución alternativa Esta vulnerabilidad se puede mitigar deshabilitando la macro include en las plantillas Pebble: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();
References	~~() https://github.com/PebbleTemplates/pebble/issues/680 -~~	() https://github.com/PebbleTemplates/pebble/issues/680 - Issue Tracking
References	~~() https://github.com/PebbleTemplates/pebble/issues/688 -~~	() https://github.com/PebbleTemplates/pebble/issues/688 - Vendor Advisory, Issue Tracking
References	~~() https://pebbletemplates.io/wiki/tag/include -~~	() https://pebbletemplates.io/wiki/tag/include - Product
References	~~() https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594 -~~	() https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:pebbletemplates:pebble::::::::

27 Feb 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594 -~~	() https://security.snyk.io/vuln/SNYK-JAVA-IOPEBBLETEMPLATES-8745594 -

27 Feb 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-27 05:15

Updated : 2025-12-19 16:15

NVD link : CVE-2025-1686

Mitre link : CVE-2025-1686

CVE.ORG link : CVE-2025-1686

JSON object : View

Products Affected

pebbletemplates

pebble

CWE

CWE-73

External Control of File Name or Path

6.8 /10