CVE-2025-11919 - Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
CVE ID :CVE-2025-11919
Published : June 26, 2026, 3:39 p.m. | 1 hour, 2 minutes ago
Description :The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 26, 2026, 3:39 p.m. | 1 hour, 2 minutes ago
Description :The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...