CVE-2025-11919
Unprotected temporary directories in Wolfram Cloud may result in privilege escalation
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
| Vendor | wolfram research inc. |
| Product | cloud |
| Published | Jun 26, 2026 |
| Last Updated | Jun 26, 2026 |
Get instant alerts for wolfram research inc. cloud
Be the first to know when new critical vulnerabilities affecting wolfram research inc. cloud are published โ delivered to Slack, Telegram or Discord.