Home > Vulnerability Database > CVE-2025-46295

Mend.io Vulnerability Database

CVE-2025-46295

Good to know:

Date: December 16, 2025

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

Severity Score

9.8

Related Resources (3)

Url: https://support.claris.com/s/answerview?anum=000049059&language=en_US

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-46295

Url: https://www.mend.io/vulnerability-database/CVE-2025-46295

Severity Score

9.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version org.apache.commons:commons-text:1.10.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-46295

Good to know:

Date: December 16, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?