CVE-2025-49656

CWE-22Path Traversal7 documents6 sources
Severity
7.5HIGH
EPSS
0.3%
top 50.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache JenaApache Software Foundation Apache Jena
Timeline
PublishedJul 21

Description

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/jena< 5.5.0

🔴Vulnerability Details

4
GHSA
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server2025-07-21
CVEList
Apache Jena: Administrative users can create files outside the server directory space via the admin UI2025-07-21
OSV
CVE-2025-49656: Users with administrator access can create databases files outside the files area of the Fuseki server2025-07-21
OSV
Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server2025-07-21

📋Vendor Advisories

2
Red Hat
org.apache.jena/jena-arq: Apache Jena path traversal2025-07-21
Debian
CVE-2025-49656: apache-jena - Users with administrator access can create databases files outside the files are...2025
CVE-2025-49656 (HIGH CVSS 7.5) | Users with administrator access can | cvebase.io