CVE-2025-46392: Uncontrolled Resource Consumption in Software Foundation Apache Commons Configuration

Severity
6.5 MEDIUM (NVD)
EPSS
0.8%
top 26.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 9

Description

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations. Users that load untrusted configurati

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (4)

OSV: Apache Commons Configuration Uncontrolled Resource Consumption (2025-05-09)
OSV: CVE-2025-46392: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1 (2025-05-09)
GHSA: Apache Commons Configuration Uncontrolled Resource Consumption (2025-05-09)
CVEList: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x (2025-05-09)

📋 Vendor Advisories (2)

Red Hat: apache-commons-configuration: Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x (2025-05-09)
Debian: CVE-2025-46392: commons-configuration - Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration ... (2025)
CVE-2025-46392 — Uncontrolled Resource Consumption | cvebase