Bug 2387221 (CVE-2025-48913)
| Summary: | CVE-2025-48913 org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | asoldano, bbaranow, bmaxwell, brian.stansberry, darran.lofthouse, dkreling, dosoudil, istudens, ivassile, iweiss, mosmerov, msochure, msvehla, nwallace, pesilva, pjindal, pmackay, rstancel, smaestri, tom.jenkinson |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-08-08 10:01:17 UTC
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0.9 Via RHSA-2025:17318 https://access.redhat.com/errata/RHSA-2025:17318 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Via RHSA-2025:17317 https://access.redhat.com/errata/RHSA-2025:17317 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 Via RHSA-2026:4915 https://access.redhat.com/errata/RHSA-2026:4915 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8 Via RHSA-2026:4916 https://access.redhat.com/errata/RHSA-2026:4916 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 Via RHSA-2026:4917 https://access.redhat.com/errata/RHSA-2026:4917 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 Via RHSA-2026:4924 https://access.redhat.com/errata/RHSA-2026:4924 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Via RHSA-2026:6012 https://access.redhat.com/errata/RHSA-2026:6012 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Via RHSA-2026:6011 https://access.redhat.com/errata/RHSA-2026:6011 |