CVE-2025-66249 in Livy
Summary
by MITRE • 03/13/2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy.
This issue affects Apache Livy: from 0.3.0 before 0.9.0.
The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed.
Users are recommended to upgrade to version 0.9.0, which fixes the issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/20/2026
The CVE-2025-66249 vulnerability represents a critical path traversal flaw in Apache Livy that enables unauthorized file system access through improper pathname limitation. This vulnerability specifically targets the restricted directory validation mechanism within the Livy server component, which is designed to prevent arbitrary file access by limiting operations to predefined directories. The flaw manifests when the default security configuration is modified, creating an exploitable condition that bypasses essential access controls. Apache Livy serves as a REST interface for Spark applications and typically operates in distributed computing environments where proper access controls are paramount for maintaining system integrity and data confidentiality.
The technical implementation of this vulnerability stems from inadequate input validation within the file handling routines of the Livy server. When administrators configure the "livy.file.local-dir-whitelist" parameter with non-standard values, the system fails to properly validate pathname components, allowing attackers to traverse directory structures beyond the intended restricted paths. This weakness enables attackers to access files outside the designated directories, potentially exposing sensitive configuration files, credentials, or other system resources. The vulnerability operates at the application layer and requires specific configuration conditions to be exploitable, making it less likely to affect systems with default settings but still poses significant risk in environments where custom configurations are implemented. The flaw aligns with CWE-22 Path Traversal and follows attack patterns documented in the ATT&CK framework under T1059 Command and Scripting Interpreter and T1566 Phishing.
The operational impact of this vulnerability extends beyond simple unauthorized file access, potentially enabling more sophisticated attacks within the targeted environment. An attacker who successfully exploits this vulnerability could access sensitive data, modify configuration files, or potentially escalate privileges within the Livy server environment. The vulnerability particularly affects organizations using Apache Livy in production environments where custom directory whitelisting configurations are implemented, as these setups provide the necessary conditions for exploitation. The impact is compounded by the fact that Livy typically operates in big data processing environments where sensitive information and credentials are frequently processed and stored. Organizations using Livy versions between 0.3.0 and 0.8.9 are particularly vulnerable, as these versions lack the security improvements implemented in the 0.9.0 release that address this specific path traversal condition.
The recommended mitigation strategy involves immediate upgrading to Apache Livy version 0.9.0 or later, which implements proper pathname validation and strengthens directory access controls. Additionally, system administrators should review and validate all custom configurations, particularly the "livy.file.local-dir-whitelist" parameter, ensuring that it follows security best practices and does not inadvertently create exploitable conditions. Organizations should also implement monitoring for unusual file access patterns and consider restricting access to Livy server endpoints through network segmentation. The fix addresses the root cause by implementing robust input sanitization and validation checks that prevent directory traversal attempts regardless of the whitelisting configuration. Security teams should also conduct comprehensive vulnerability assessments to identify any other systems that might be using affected Livy versions and ensure proper patch management procedures are in place to prevent similar issues in the future.