- Description
- Blind XXE vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document builder to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are no longer supported, so users should update to the respective supported version.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@apache.org
- CWE-611
- Hype score
- Not currently trending
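A critical XML external entity (XXE) vulnerability (CVE-2025-53689) has been discovered in multiple versions of Apache Jackrabbit. jackrabbit-spi-commons and jackrabbit-core are affected, and especially in environments that handle user-supplied XML, data exfiltration and denial of service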
@yousukezan
14 Jul 2025
CVE-2025-53689 CVE-2025-53689 https://t.co/VOSZ2dWZts
@VulmonFeeds
14 Jul 2025
CVE-2025-53689 Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges. … https://t.co/cO5R9j1JtD
@CVEnew
14 Jul 2025