CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.4%

CVSS Severity

CVSS v3 Score 6.8

References

Products affected by CVE-2025-1686

Pebbletemplates » Pebble Templates » Version: 0.0.1

cpe:2.3:a:pebbletemplates:pebble_templates:0.0.1
Pebbletemplates » Pebble Templates » Version: 0.0.2

cpe:2.3:a:pebbletemplates:pebble_templates:0.0.2
Pebbletemplates » Pebble Templates » Version: 0.0.3

cpe:2.3:a:pebbletemplates:pebble_templates:0.0.3
Pebbletemplates » Pebble Templates » Version: 0.1.0

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.0
Pebbletemplates » Pebble Templates » Version: 0.1.1

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.1
Pebbletemplates » Pebble Templates » Version: 0.1.2

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.2
Pebbletemplates » Pebble Templates » Version: 0.1.3

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.3
Pebbletemplates » Pebble Templates » Version: 0.1.4

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.4
Pebbletemplates » Pebble Templates » Version: 0.1.5

cpe:2.3:a:pebbletemplates:pebble_templates:0.1.5
Pebbletemplates » Pebble Templates » Version: 0.2.0

cpe:2.3:a:pebbletemplates:pebble_templates:0.2.0
Pebbletemplates » Pebble Templates » Version: 0.3.0

cpe:2.3:a:pebbletemplates:pebble_templates:0.3.0
Pebbletemplates » Pebble Templates » Version: 0.4.0

cpe:2.3:a:pebbletemplates:pebble_templates:0.4.0
Pebbletemplates » Pebble Templates » Version: 1.0.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.0.0
Pebbletemplates » Pebble Templates » Version: 1.1.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.1.0
Pebbletemplates » Pebble Templates » Version: 1.2.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.2.0
Pebbletemplates » Pebble Templates » Version: 1.3.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.3.0
Pebbletemplates » Pebble Templates » Version: 1.3.1

cpe:2.3:a:pebbletemplates:pebble_templates:1.3.1
Pebbletemplates » Pebble Templates » Version: 1.4.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.0
Pebbletemplates » Pebble Templates » Version: 1.4.1

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.1
Pebbletemplates » Pebble Templates » Version: 1.4.2

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.2
Pebbletemplates » Pebble Templates » Version: 1.4.3

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.3
Pebbletemplates » Pebble Templates » Version: 1.4.4

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.4
Pebbletemplates » Pebble Templates » Version: 1.4.5

cpe:2.3:a:pebbletemplates:pebble_templates:1.4.5
Pebbletemplates » Pebble Templates » Version: 1.5.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.5.0
Pebbletemplates » Pebble Templates » Version: 1.5.1

cpe:2.3:a:pebbletemplates:pebble_templates:1.5.1
Pebbletemplates » Pebble Templates » Version: 1.5.2

cpe:2.3:a:pebbletemplates:pebble_templates:1.5.2
Pebbletemplates » Pebble Templates » Version: 1.6.0

cpe:2.3:a:pebbletemplates:pebble_templates:1.6.0
Pebbletemplates » Pebble Templates » Version: 2.0.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.0.0
Pebbletemplates » Pebble Templates » Version: 2.1.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.1.0
Pebbletemplates » Pebble Templates » Version: 2.2.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.2.0
Pebbletemplates » Pebble Templates » Version: 2.2.1

cpe:2.3:a:pebbletemplates:pebble_templates:2.2.1
Pebbletemplates » Pebble Templates » Version: 2.2.2

cpe:2.3:a:pebbletemplates:pebble_templates:2.2.2
Pebbletemplates » Pebble Templates » Version: 2.2.3

cpe:2.3:a:pebbletemplates:pebble_templates:2.2.3
Pebbletemplates » Pebble Templates » Version: 2.3.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.3.0
Pebbletemplates » Pebble Templates » Version: 2.4.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.4.0
Pebbletemplates » Pebble Templates » Version: 2.5.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.5.0
Pebbletemplates » Pebble Templates » Version: 2.5.1

cpe:2.3:a:pebbletemplates:pebble_templates:2.5.1
Pebbletemplates » Pebble Templates » Version: 2.6.0

cpe:2.3:a:pebbletemplates:pebble_templates:2.6.0
Pebbletemplates » Pebble Templates » Version: 2.6.1

cpe:2.3:a:pebbletemplates:pebble_templates:2.6.1
Pebbletemplates » Pebble Templates » Version: 2.6.2

cpe:2.3:a:pebbletemplates:pebble_templates:2.6.2
Pebbletemplates » Pebble Templates » Version: 3.0.0

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.0
Pebbletemplates » Pebble Templates » Version: 3.0.1

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.1
Pebbletemplates » Pebble Templates » Version: 3.0.10

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.10
Pebbletemplates » Pebble Templates » Version: 3.0.2

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.2
Pebbletemplates » Pebble Templates » Version: 3.0.3

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.3
Pebbletemplates » Pebble Templates » Version: 3.0.4

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.4
Pebbletemplates » Pebble Templates » Version: 3.0.5

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.5
Pebbletemplates » Pebble Templates » Version: 3.0.6

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.6
Pebbletemplates » Pebble Templates » Version: 3.0.7

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.7
Pebbletemplates » Pebble Templates » Version: 3.0.8

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.8
Pebbletemplates » Pebble Templates » Version: 3.0.9

cpe:2.3:a:pebbletemplates:pebble_templates:3.0.9
Pebbletemplates » Pebble Templates » Version: 3.1.0

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.0
Pebbletemplates » Pebble Templates » Version: 3.1.1

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.1
Pebbletemplates » Pebble Templates » Version: 3.1.2

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.2
Pebbletemplates » Pebble Templates » Version: 3.1.3

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.3
Pebbletemplates » Pebble Templates » Version: 3.1.4

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.4
Pebbletemplates » Pebble Templates » Version: 3.1.5

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.5
Pebbletemplates » Pebble Templates » Version: 3.1.6

cpe:2.3:a:pebbletemplates:pebble_templates:3.1.6
Pebbletemplates » Pebble Templates » Version: 3.2.0

cpe:2.3:a:pebbletemplates:pebble_templates:3.2.0
Pebbletemplates » Pebble Templates » Version: 3.2.1

cpe:2.3:a:pebbletemplates:pebble_templates:3.2.1
Pebbletemplates » Pebble Templates » Version: 3.2.2

cpe:2.3:a:pebbletemplates:pebble_templates:3.2.2
Pebbletemplates » Pebble Templates » Version: 3.2.3

cpe:2.3:a:pebbletemplates:pebble_templates:3.2.3
Pebbletemplates » Pebble Templates » Version: 3.2.4

cpe:2.3:a:pebbletemplates:pebble_templates:3.2.4
Pebbletemplates » Pebble Templates » Version: 4.0.0

cpe:2.3:a:pebbletemplates:pebble_templates:4.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1686

Products

Pricing

Contact Us