Home > Vulnerability Database > CVE-2025-48913

Mend.io Vulnerability Database

CVE-2025-48913

Good to know:

Date: August 8, 2025

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

Severity Score

9.8

Related Resources (5)

Url: https://github.com/apache/cxf

Url: https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48913

Url: https://github.com/apache/cxf/commit/24e50ffeca3132570c2f297c5c7dbd05a1bb1bfa

Url: https://www.mend.io/vulnerability-database/CVE-2025-48913

Severity Score

9.8

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.cxf:cxf-rt-transports-jms:3.6.8;org.apache.cxf:cxf-rt-transports-jms:4.0.9;org.apache.cxf:cxf-rt-transports-jms:4.1.3

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48913

Good to know:

Date: August 8, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?