8.8
CVE-2025-53689
- EPSS 0.21%
- Veröffentlicht 14.07.2025 09:15:38
- Zuletzt bearbeitet 04.11.2025 22:16:26
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Jackrabbit Version >= 2.20.0 < 2.20.17
Apache ≫ Jackrabbit Version2.22.0
Apache ≫ Jackrabbit Version2.23.0 Updatebeta
Apache ≫ Jackrabbit Version2.23.1 Updatebeta
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.435 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.