← voltar
CVE-2025-53689

Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons

CVSS 8.8 HIGHEPSS 0.5%CWE-611
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
14 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Apache Software Foundation · Apache Jackrabbit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread/5pf9n76ny13pzzk765og2h3gxdxw7p24http://www.openwall.com/lists/oss-security/2025/07/14/1