← voltar
CVE-2025-53689

Apache Jackrabbit: XXE vulnerability in jackrabbit-spi-commons

CVSS 8.8 HIGHEPSS 0.5%CWE-611
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Apache Software Foundation · Apache Jackrabbit

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread/5pf9n76ny13pzzk765og2h3gxdxw7p24http://www.openwall.com/lists/oss-security/2025/07/14/1