Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-53689

Опубликовано: 14 июл. 2025
Источник: nvd
CVSS3: 8.8
EPSS Низкий

Описание

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges.

Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:jackrabbit:*:*:*:*:*:*:*:*
Версия от 2.20.0 (включая) до 2.20.17 (исключая)
cpe:2.3:a:apache:jackrabbit:2.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.23.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:jackrabbit:2.23.1:beta:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00046
Низкий

8.8 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

ubuntu логотип

CVE-2025-53689

CVSS3: 8.8
ubuntu
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

redhat логотип

CVE-2025-53689

CVSS3: 7.1
redhat
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

debian логотип

CVE-2025-53689

CVSS3: 8.8
debian
26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-cor ...

github логотип

GHSA-44c3-38h8-9fh9

CVSS3: 8.8
github
26 дней назад

Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build

EPSS

Процентиль: 14%
0.00046
Низкий

8.8 High

CVSS3

Дефекты

CWE-611