CISA issues update on Wolfram Cloud JVM temporary directory vulnerability

Wolfram Cloud version 14.2 includes a vulnerability in its Java Virtual Machine (JVM) implementation that exposes unrestricted access to temporary directories within the cloud environment, potentially allowing privilege escalation and remote code execution. The flaw affects the platform's multi-tenant setup, in which temporary folders can be accessed across users within the same cloud instance.

The issue, identified as CVE-2025-11919, arises in Wolfram Cloud versions up to 14.2. The vulnerability is linked to the shared /tmp/ directory used by the instance kernel and the JVM initialization process. A race condition in JVM startup allows malicious actors to manipulate the classpath through the shared /tmp/ directory. This is possible if the attacker can predict the timing of JVM launches and reach unprotected temporary directories. The root cause is the hosting platform's method of managing temporary file permissions within the multi-tenant environment, which permits cross-user access to these directories.
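As an added illustration of the weakness described above (this is not code from the advisory or from Wolfram), the following Python helper audits whether the directory a JVM would use for java.io.tmpdir is private to the invoking user and shows how to provision a per-process private one; the function names are my own.

```python
"""Audit a JVM temp directory for cross-user exposure (constructed example)."""
import os
import stat
import tempfile
from typing import List, Optional, Tuple


def tmpdir_findings(path: str, uid: Optional[int] = None) -> List[str]:
    """Return the reasons `path` is unsafe as a JVM temp dir (empty list = OK).

    A directory is acceptable only if it exists, is not a symlink, is owned by
    `uid` and grants no group/other permissions. A classic shared /tmp (mode
    1777, root-owned) fails even with the sticky bit set, because co-tenants
    can still pre-create predictable names inside it ahead of JVM startup.
    """
    uid = os.getuid() if uid is None else uid
    findings: List[str] = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["does not exist"]
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink (target controlled elsewhere)")
        st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        findings.append("is not a directory")
        return findings
    if st.st_uid != uid:
        findings.append(f"owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other access allowed (mode {stat.S_IMODE(st.st_mode):o})")
    return findings


def private_jvm_tmpdir(parent: Optional[str] = None) -> Tuple[str, str]:
    """Create a 0700 per-process temp dir and return (path, JVM flag to pass)."""
    path = tempfile.mkdtemp(prefix="jvm-", dir=parent)
    os.chmod(path, 0o700)  # mkdtemp already uses 0700; stated explicitly
    return path, f"-Djava.io.tmpdir={path}"


def simulate_shared_tmp() -> str:
    """Create a directory with the classic shared /tmp mode (1777) for testing."""
    path = tempfile.mkdtemp(prefix="shared-tmp-")
    os.chmod(path, 0o1777)
    return path


if __name__ == "__main__":
    shared = simulate_shared_tmp()
    print(shared, "->", tmpdir_findings(shared) or "OK")
    private, flag = private_jvm_tmpdir()
    print(private, "->", tmpdir_findings(private) or "OK", flag)
```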

Exploitation of this vulnerability can result in complete control over software execution, leading to total information disclosure on the affected system. The outcomes include privilege escalation, the extraction of sensitive information, and remote code execution capabilities for an attacker accessing the shared temporary directory.

Resolution for this vulnerability involves upgrading the Wolfram Cloud to version 14.2.1 as recommended by CERT/CC. This update addresses the race condition and secures the JVM initialization against classpath poisoning in the multi-tenant context.

CERT/CC advises users of Wolfram Cloud version 14.2 to apply the available update promptly to remediate this vulnerability and reduce the risk of unauthorized access to temporary directories. This advisory was authored by Laurie Tyzenhaus and Renae Metcalf, with acknowledgment given to Peter Roberge of Pointer Cybersecurity for reporting the issue.