exploitDog

CVE-2025-48913

Published: 08 Aug 2025
Source: nvd
CVSS3: 9.8
EPSS: Low

Description

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.

Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Versions before 3.6.8 (exclusive)
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Versions from 4.0.0 (inclusive) up to 4.0.9 (exclusive)
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
Versions from 4.1.0 (inclusive) up to 4.1.3 (exclusive)

EPSS

Percentile: 28%
0.00097
Low

9.8 Critical

CVSS3

Weaknesses

CWE-20
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 8.3
redhat
9 days ago

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

github
9 days ago

Apache CXF: Untrusted JMS configuration can lead to RCE
