Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tj95-xfgu-pya7
Vulnerability ID VCID-tj95-xfgu-pya7
Aliases CVE-2014-3625
GHSA-hhm4-hwq6-3c6w
Summary Directory traversal flaw Directory traversal vulnerability in this package allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0236.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0720.html
epss 0.16987 https://api.first.org/data/v1/epss?cve=CVE-2014-3625
generic_textual MODERATE https://github.com/spring-projects/spring-framework
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
generic_textual MODERATE https://jira.spring.io/browse/SPR-12354
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-3625
generic_textual MODERATE http://www.pivotal.io/security/cve-2014-3625
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2015-0236.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3625.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3625
https://github.com/spring-projects/spring-framework
https://github.com/spring-projects/spring-framework/commit/161d3e3049f129e211f68a4e94b544e0f0d8384d
https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601
https://github.com/spring-projects/spring-framework/commit/9beae9ae4226c45cd428035dae81214439324676
https://github.com/spring-projects/spring-framework/commit/9cef8e3001ddd61c734281a7556efd84b6cc2755
https://jira.spring.io/browse/SPR-12354
https://lists.debian.org/debian-lts-announce/2019/07/msg00012.html
https://nvd.nist.gov/vuln/detail/CVE-2014-3625
1165936 https://bugzilla.redhat.com/show_bug.cgi?id=1165936
769698 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769698
CVE-2014-3625 https://bugzilla.redhat.com/CVE-2014-3625
CVE-2014-3625 http://www.pivotal.io/security/cve-2014-3625
RHSA-2015:0234 https://access.redhat.com/errata/RHSA-2015:0234
RHSA-2015:0235 https://access.redhat.com/errata/RHSA-2015:0235
RHSA-2015:0236 https://access.redhat.com/errata/RHSA-2015:0236
RHSA-2015:0720 https://access.redhat.com/errata/RHSA-2015:0720
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.951
EPSS Score 0.16987
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:36:19.819769+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webmvc/CVE-2014-3625.yml 38.6.0