Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
RHSA-2026:36012
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2026:36012
Import Source
https://security.access.redhat.com/data/osv/RHSA-2026:36012.json
JSON Data
https://api.osv.dev/v1/vulns/RHSA-2026:36012
Upstream
CVE-2025-67030
Published
2026-07-07T10:09:37Z
Modified
2026-07-07T10:15:21.254742767Z
Severity
8.3 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS Calculator
Summary
Red Hat Security Advisory: maven:3.9 security update
Details
References
https://access.redhat.com/errata/RHSA-2026:36012
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2451409
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36012.json
https://access.redhat.com/security/cve/CVE-2025-67030
https://www.cve.org/CVERecord?id=CVE-2025-67030
https://nvd.nist.gov/vuln/detail/CVE-2025-67030
https://gist.github.com/weaver4VD/3216dac645220f8c9b488362f61241ec
https://github.com/codehaus-plexus/plexus-utils/commit/6d780b3378829318ba5c2d29547e0012d5b29642
https://github.com/codehaus-plexus/plexus-utils/issues/294
https://github.com/codehaus-plexus/plexus-utils/pull/295
https://github.com/codehaus-plexus/plexus-utils/pull/296
Affected packages
Red Hat:rhel_eus:9.6::appstream
aopalliance
Package
Name
aopalliance
Purl
pkg:rpm/redhat/aopalliance
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0-51.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
apache-commons-cli
Package
Name
apache-commons-cli
Purl
pkg:rpm/redhat/apache-commons-cli
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.9.0-4.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
apache-commons-codec
Package
Name
apache-commons-codec
Purl
pkg:rpm/redhat/apache-commons-codec
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.17.1-8.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
apache-commons-io
Package
Name
apache-commons-io
Purl
pkg:rpm/redhat/apache-commons-io
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:2.16.1-9.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
atinject
Package
Name
atinject
Purl
pkg:rpm/redhat/atinject
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.0.5-14.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
google-guice
Package
Name
google-guice
Purl
pkg:rpm/redhat/google-guice
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:5.1.0-23.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
guava
Package
Name
guava
Purl
pkg:rpm/redhat/guava
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:33.3.0-5.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
httpcomponents-client
Package
Name
httpcomponents-client
Purl
pkg:rpm/redhat/httpcomponents-client
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.5.14-21.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
httpcomponents-core
Package
Name
httpcomponents-core
Purl
pkg:rpm/redhat/httpcomponents-core
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:4.4.16-21.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
jakarta-annotations
Package
Name
jakarta-annotations
Purl
pkg:rpm/redhat/jakarta-annotations
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.3.5-38.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
jansi
Package
Name
jansi
Purl
pkg:rpm/redhat/jansi
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.4.1-12.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
jcl-over-slf4j
Package
Name
jcl-over-slf4j
Purl
pkg:rpm/redhat/jcl-over-slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.36-9.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
jsr-305
Package
Name
jsr-305
Purl
pkg:rpm/redhat/jsr-305
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.0.2-36.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven
Package
Name
maven
Purl
pkg:rpm/redhat/maven
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-lib
Package
Name
maven-lib
Purl
pkg:rpm/redhat/maven-lib
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-openjdk11
Package
Name
maven-openjdk11
Purl
pkg:rpm/redhat/maven-openjdk11
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-openjdk17
Package
Name
maven-openjdk17
Purl
pkg:rpm/redhat/maven-openjdk17
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-openjdk21
Package
Name
maven-openjdk21
Purl
pkg:rpm/redhat/maven-openjdk21
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-openjdk8
Package
Name
maven-openjdk8
Purl
pkg:rpm/redhat/maven-openjdk8
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-resolver
Package
Name
maven-resolver
Purl
pkg:rpm/redhat/maven-resolver
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:1.9.22-6.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-shared-utils
Package
Name
maven-shared-utils
Purl
pkg:rpm/redhat/maven-shared-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.4.2-19.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-unbound
Package
Name
maven-unbound
Purl
pkg:rpm/redhat/maven-unbound
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:3.9.9-12.module+el9.6.0+24382+3f72e30c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
maven-wagon
Package
Name
maven-wagon
Purl
pkg:rpm/redhat/maven-wagon
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.5.3-17.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-cipher
Package
Name
plexus-cipher
Purl
pkg:rpm/redhat/plexus-cipher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0-25.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-classworlds
Package
Name
plexus-classworlds
Purl
pkg:rpm/redhat/plexus-classworlds
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.8.0-9.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-containers
Package
Name
plexus-containers
Purl
pkg:rpm/redhat/plexus-containers
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.0-10.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-containers-component-annotations
Package
Name
plexus-containers-component-annotations
Purl
pkg:rpm/redhat/plexus-containers-component-annotations
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.2.0-10.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-interpolation
Package
Name
plexus-interpolation
Purl
pkg:rpm/redhat/plexus-interpolation
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.27-10.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-sec-dispatcher
Package
Name
plexus-sec-dispatcher
Purl
pkg:rpm/redhat/plexus-sec-dispatcher
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0-28.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
plexus-utils
Package
Name
plexus-utils
Purl
pkg:rpm/redhat/plexus-utils
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.5.1-17.module+el9.6.0+24382+3f72e30c.1
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
sisu
Package
Name
sisu
Purl
pkg:rpm/redhat/sisu
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
1:0.9.0~M3-7.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
slf4j
Package
Name
slf4j
Purl
pkg:rpm/redhat/slf4j
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:1.7.36-9.module+el9.6.0+22733+e520f63c
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:36012.json"
RHSA-2026:36012 - OSV