Vulnerability Reportmaven:4.0.0-rc-5-amazoncorretto-17

maven:4.0.0-rc-5-amazoncorretto-17

DIGESTsha256:b387fce90c2c940b9483566ce20f3aabb1d1a7cd52e093f05adad630b4b67ca3

Executive Summary

Threat ScoreDANGEROUS• Official Docker image but contains a critical vulnerability.• CVE-2025-67030 (plexus-utils directory traversal) with CVSS score 7.48 enables remote code execution during Maven builds.• No compensating controls are available to fully mitigate this vulnerability.

75/100DANGEROUS

ReputationOFFICIAL• Official Docker Hub Image• Pinned by digest (Immutable)

TRUSTED

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit CVE-2025-67030 to execute arbitrary code by supplying a malicious archive processed during Maven builds, compromising the entire build environment.

Vulnerabilities

Vulnerability Log

2 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2025-67030	HIGH7.48	org.codehaus.plexus:plexus-utils 4.0.2 fixed in 4.0.3, 3.6.1	0.7% Theoretical Threat	Directly ExposedContext importance: HIGH
CVE-2026-7598	LOW2.78	libssh2 1.4.3-12.amzn2.2.6 fixed in 1.4.3-12.amzn2.2.7	0.4% Theoretical Threat	Post-Exploit