CVE-2025-53689
Last modified
CVE-2025-53689 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Jackrabbit | >= 2.20.0, < 2.20.17 | — |
| Apache | Jackrabbit | 2.22.0 | — |
| Apache | Jackrabbit | 2.23.0 | Beta |
| Apache | Jackrabbit | 2.23.1 | Beta |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-53689?
How severe is CVE-2025-53689?
How do I fix CVE-2025-53689?
Are you affected by CVE-2025-53689?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST