CVE-2025-50151 - Vulnerability Details

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apache	Jena

Configuration 1 [-]

cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
https://nvd.nist.gov/vuln/detail/CVE-2025-50151
https://www.cve.org/CVERecord?id=CVE-2025-50151

History

Tue, 29 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:apache:jena::::::::

Tue, 29 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-50151 https://www.cve.org/CVERecord?id=CVE-2025-50151
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 22 Jul 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache jena
Vendors & Products		Apache Apache jena

Mon, 21 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 21 Jul 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
Title		Apache Jena: Configuration files uploaded by administrative users are not check properly
Weaknesses		CWE-20
References		https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2025-07-21T09:32:30.334Z

Updated: 2025-07-21T14:41:06.294Z

Reserved: 2025-06-13T16:13:26.895Z

Link: CVE-2025-50151

Vulnrichment

Updated: 2025-07-21T14:40:28.861Z

NVD

Status : Analyzed

Published: 2025-07-21T10:15:25.837

Modified: 2025-07-29T14:22:30.567

Link: CVE-2025-50151

Redhat

Severity : Moderate

Publid Date: 2025-07-21T09:32:30Z

Links: CVE-2025-50151 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object