CVE-2025-50151

CWE-20 — Improper Input Validation CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

8.8HIGH

EPSS

0.3%

top 45.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Jena Apache Software Foundation Apache Jena

Timeline

PublishedJul 21

Description

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/jena< 5.5.0

▶Mavenorg.apache.jena:jena< 5.5.0

▶CVEListV5apache_software_foundation/apache_jena5.4.0

🔴Vulnerability Details

OSV

CVE-2025-50151: File access paths in configuration files uploaded by users with administrator access are not validated↗2025-07-21

▶

GHSA

Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access↗2025-07-21

▶

OSV

Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access↗2025-07-21

▶

CVEList

Apache Jena: Configuration files uploaded by administrative users are not check properly↗2025-07-21

▶

📋Vendor Advisories

Red Hat

org.apache.jena: Apache Jena insufficent file validation↗2025-07-21

▶

Debian

CVE-2025-50151: apache-jena - File access paths in configuration files uploaded by users with administrator ac...↗2025

▶

Microsoft

smb: client: fix OOBs when building SMB2_IOCTL request↗2024-11-12

▶