CVE-2025-53689

Опубликовано: 14 июл. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 8.8

Описание

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 13%

0.00044

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2025-53689

CVSS3: 7.1

redhat

26 дней назад

CVE-2025-53689

CVSS3: 8.8

nvd

26 дней назад

CVE-2025-53689

CVSS3: 8.8

debian

26 дней назад

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-cor ...

GHSA-44c3-38h8-9fh9

CVSS3: 8.8

github

26 дней назад

Apache Jackrabbit vulnerable to blind XXE attack due to insecure document build

EPSS

Процентиль: 13%

0.00044

Низкий

8.8 High

CVSS3

CVE-2025-53689

Описание

Пакет jackrabbit

Ссылки на источники

Связанные уязвимости