9.8

CVE-2025-48913

Medienbericht

Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities.  This interface is now restricted to reject those protocols, removing this possibility.

Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCxf Version < 3.6.8
ApacheCxf Version >= 4.0.0 < 4.0.9
ApacheCxf Version >= 4.1.0 < 4.1.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.79% 0.52
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
14.10.2025 10:42
https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2025/08/07/2