5

CVE-2025-30474

EPSS 0.11%
Veröffentlicht 23.03.2025 14:15:51
Zuletzt bearbeitet 14.07.2025 18:13:56
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.

The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message
This issue affects Apache Commons VFS: before 2.10.0.

Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Commons Vfs Version < 2.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.287

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5	1.6	3.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://issues.apache.org/jira/browse/VFS-169

Patch

Issue Tracking

https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/03/23/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-30474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30474

EUVD