CVE-2025-48913

Published Aug 8, 2025

Last updated 7 months ago

CVSS critical 9.8

Overview

Description
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Source
security@apache.org
NVD status
Analyzed
Products
cxf

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@apache.org
CWE-20
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. CVE-2025-48913 (CVSS:9.8, CRITICAL) is Undergoing Analysis. If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially ..https://t.co/O1EYyNX07i #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    13 Aug 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-48913 If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This … https://t.co/lfTvJ04t2m

    @CVEnew

    8 Aug 2025

    510 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-48913 CVE-2025-48913 https://t.co/Nrc0yoFZ5Q

    @VulmonFeeds

    7 Aug 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE https://t.co/12veoydKeu If untrusted users are allowed to configure JMS, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted.

    @oss_security

    7 Aug 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted. Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.CVE-2025-48795
  2. A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).CVE-2025-23184
  3. In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory CVE-2024-41172
  4. An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.  CVE-2024-32007
  5. A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.CVE-2024-29736

References

Sources include official advisories and independent security research.