oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI

From: Andy Seaborne <andy () apache org>
Date: Mon, 21 Jul 2025 07:22:53 +0000
Severity: important 

Affected versions:

- Apache Jena through 5.4.0

Description:

Users with administrator access can create databases files outside the files area of the Fuseki server.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which fixes the issue.

Credit:

Noriaki Iwasaki; Cyber Defense Institute, Inc (reporter)

References:

https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-49656
Previous By Date Next
Previous By Thread Next

Current thread: