CVE-2025-48913
CVE-2025-48913 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. EPSS estimates a 0.74% chance of exploitation in the next 30 days.
Description
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
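The description above says the fix restricts the JMS configuration interface so that RMI and LDAP URLs are rejected. As an added illustration, not Apache CXF's own code or the project's patch, the following standalone check shows the shape of such a restriction: a user-supplied JNDI provider URL is parsed, the schemes named in the advisory (plus the TLS variant of LDAP) are refused outright, and only an explicit allowlist of broker schemes is accepted before the value could reach an `InitialContext`. The class name, the allowlist contents and the sample inputs are assumptions for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Hypothetical validator for a JNDI provider URL taken from untrusted JMS
// configuration. Not part of Apache CXF; illustrates the kind of scheme
// restriction the advisory describes.
public final class JndiProviderUrlCheck {

    // Schemes the advisory names as dangerous: a JNDI lookup through them can
    // fetch a remote object and lead to code execution. "ldaps" is the TLS
    // variant of LDAP and is refused for the same reason (assumption).
    private static final Set<String> REJECTED_SCHEMES = Set.of("rmi", "ldap", "ldaps");

    // Allowlist of broker URL schemes this deployment expects (assumption;
    // adjust to the JMS providers actually in use). Anything not listed is
    // refused, so an unknown scheme never reaches the naming layer.
    private static final Set<String> ALLOWED_SCHEMES = Set.of("tcp", "ssl", "vm", "amqp", "amqps");

    private JndiProviderUrlCheck() {}

    /** Returns true only when the URL parses and uses an allowlisted scheme. */
    public static boolean isAllowed(String providerUrl) {
        if (providerUrl == null || providerUrl.isBlank()) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(providerUrl.trim());
        } catch (URISyntaxException e) {
            // Unparseable input is rejected rather than passed through.
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // Scheme-less values (e.g. "localhost:1099") are ambiguous; refuse.
            return false;
        }
        // Normalise case so "LDAP://" and "Rmi://" do not slip past the check.
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (REJECTED_SCHEMES.contains(scheme)) {
            return false;
        }
        return ALLOWED_SCHEMES.contains(scheme);
    }

    /** Throws if the URL is not acceptable; for use at the configuration boundary. */
    public static String requireAllowed(String providerUrl) {
        if (!isAllowed(providerUrl)) {
            throw new IllegalArgumentException(
                "JNDI provider URL rejected: unsupported or disallowed scheme");
        }
        return providerUrl.trim();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        String[] samples = {
            "tcp://broker.internal:61616",
            "amqps://broker.internal:5671",
            "rmi://attacker.example:1099/Exploit",
            "LDAP://attacker.example:389/a",
            "ldaps://attacker.example:636/a",
            "localhost:1099",
            "not a url"
        };
        for (String s : samples) {
            System.out.printf("%-40s -> %s%n", s, isAllowed(s) ? "allowed" : "rejected");
        }
    }
}
```

Running `main` prints the first two sample values as allowed and the remaining five as rejected. The check is a configuration-boundary mitigation and a way to understand the fixed behaviour; the remediation the advisory recommends is upgrading to 3.6.8, 4.0.9 or 4.1.3.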
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Cxf | < 3.6.8 |
| Apache | Cxf | >= 4.0.0, < 4.0.9 |
| Apache | Cxf | >= 4.1.0, < 4.1.3 |
References
- https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83 (Mailing List, Third Party Advisory)
Source: NVD / NIST
