CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-11919: The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-in

criticalCVSS 9.6CVE-2025-11919
The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance (/tmp/UserTemporaryFiles/). The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared /tmp/ space can preemptively create or replace .jar files or directories (via the -init file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., commons-io) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.

Details

Source
NVD Recent CVEs (US · database · site)
Severity
critical — CVSS 9.6
Published
2026-06-26
Last updated
2026-06-26
Exploitation
Not in CISA KEV at last sync

Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-11919

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-11919coverage & exploitation statusNVD · CVE.org

More from NVD Recent CVEs