Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-53689

Опубликовано: 14 июл. 2025
Источник: debian
EPSS Низкий

Описание

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jackrabbitfixed2.20.11-1.1package

Примечания

  • https://lists.apache.org/thread/5pf9n76ny13pzzk765og2h3gxdxw7p24

  • https://issues.apache.org/jira/browse/JCR-5165

  • https://github.com/apache/jackrabbit/pull/263

  • https://github.com/apache/jackrabbit/commit/1d6cb3d0fcc8d51980b90ddcf94122d3e4add83e (jackrabbit-2.20.17)

EPSS

Процентиль: 14%
0.00046
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-53689

CVSS3: 8.8
ubuntu
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

redhat логотип

CVE-2025-53689

CVSS3: 7.1
redhat
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

nvd логотип

CVE-2025-53689

CVSS3: 8.8
nvd
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

github логотип

GHSA-44c3-38h8-9fh9

CVSS3: 8.8
github
26 дней назад

Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build

EPSS

Процентиль: 14%
0.00046
Низкий