
CVE-2025-46096: Solon Vulnerable to Directory Traversal

CVSS Score: 6.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.3498%
Published: 6/13/2025
Updated: 6/13/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name                Ecosystem   Vulnerable Versions   First Patched Version
org.noear:solon-faas-luffy  maven       >= 3.1.2, < 3.2.0     3.2.0

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability is a directory traversal in the solon-faas-luffy component of Solon. Commit 49a3bf95fdcf050829843004b65a2b336ca6ddff addresses it by modifying the fileGet method in JtFunctionLoaderFile.java: a conditional check at the start of the method rejects any input path containing "../" or "..\\" and returns null instead of reading the file. Before the patch, fileGet passed such paths straight through to the file lookup, so a caller who controls the path could reach files outside the function directory. org.noear.solon.luffy.impl.JtFunctionLoaderFile.fileGet is therefore the vulnerable function. Note that the fix is a substring denylist: it rejects the two literal sequences named above rather than canonicalizing the resolved path and verifying that it stays under the base directory, so anyone reusing this pattern elsewhere should pair it with a containment check on the normalized path.

Vulnerable functions

org.noear.solon.luffy.impl.JtFunctionLoaderFile.fileGet
solon-projects/solon-faas/solon-faas-luffy/src/main/java/org/noear/solon/luffy/impl/JtFunctionLoaderFile.java
The `fileGet` function in `JtFunctionLoaderFile.java` was vulnerable to directory traversal because it did not properly sanitize the `path` parameter. An attacker could use `../` or `..\` sequences to access files outside the intended directory. The patch added a check to prevent this.
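To make the root cause and the shape of the fix concrete, here is an added Java example (not Solon's code, and not the contents of JtFunctionLoaderFile.java) that puts three strategies for mapping a user-supplied name to a file side by side: the unchecked join that produces a traversal, the substring denylist in the style the advisory describes, and a canonicalize-then-contain check. The class name FunctionFileResolver, the base directory /opt/app/functions and the sample inputs are assumptions made for the illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/**
 * Added illustration (hypothetical, not Solon code): three ways a file-backed
 * function loader might map a caller-supplied relative name to a file under a
 * fixed base directory.
 */
public class FunctionFileResolver {
    private final Path baseDir;

    public FunctionFileResolver(String baseDir) {
        // Absolute and normalized, so the prefix comparison below is meaningful.
        this.baseDir = Paths.get(baseDir).toAbsolutePath().normalize();
    }

    /** Vulnerable pattern: the caller's path is joined with no check at all,
     *  so "../" segments walk out of baseDir. */
    public Path resolveUnchecked(String relativePath) {
        return baseDir.resolve(relativePath).normalize();
    }

    /** Denylist in the style of the advisory's fix: reject the literal
     *  sequences "../" and "..\" (returning null), otherwise pass through. */
    public Path resolveDenylist(String relativePath) {
        if (relativePath.contains("../") || relativePath.contains("..\\")) {
            return null;
        }
        return baseDir.resolve(relativePath).normalize();
    }

    /** Canonicalize-then-contain: resolve, normalize, and require the result
     *  to remain under baseDir. This rejects any escape, not just two byte
     *  sequences. */
    public Path resolveContained(String relativePath) {
        Path candidate = baseDir.resolve(relativePath).normalize();
        if (!candidate.startsWith(baseDir)) {
            return null;
        }
        return candidate;
    }

    public static void main(String[] args) {
        FunctionFileResolver r = new FunctionFileResolver("/opt/app/functions");

        // Constructed sample inputs: a legitimate function file, a classic
        // traversal attempt, and an absolute path. With java.nio Path.resolve,
        // an absolute argument replaces the base entirely; the substring
        // denylist does not notice that, the containment check does.
        String[] inputs = { "hello.js", "../../etc/passwd", "/etc/passwd" };
        for (String in : inputs) {
            System.out.printf("%-18s unchecked=%s denylist=%s contained=%s%n",
                    in,
                    r.resolveUnchecked(in),
                    r.resolveDenylist(in),
                    r.resolveContained(in));
        }
    }
}
```

Run with `javac FunctionFileResolver.java && java FunctionFileResolver`. For "hello.js" all three strategies return the same path under the base directory; for "../../etc/passwd" the unchecked join yields /etc/passwd while both checks return null; for "/etc/passwd" only the containment check returns null, which is why a denylist of specific sequences is best treated as a quick mitigation and a normalized-path prefix check as the durable fix.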

WAF Protection Rules

WAF Rule

Directory Traversal vulnerability in solon v.*.*.* allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
