CRITICAL🇵🇱 Wersja polska

CVE-2025-48913

CVSS 9.8v3.1pub. 2025-08-08upd. 2025-11-04

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

🤖 AI Analysis
How it works

Apache CXF in versions prior to applying patches did not properly validate the protocols used in JMS configuration URLs. An untrusted user with the ability to configure JMS could provide a URL based on RMI or LDAP protocols, which could lead to server-side code execution (RCE). The patch restricts the allowed protocols in JMS configuration by rejecting RMI and LDAP addresses.

Impact

An attacker can gain full control over a vulnerable server through remote code execution, threatening the confidentiality, integrity, and availability of the system.

Mitigation & patch

Apache CXF should be updated to version 3.6.8, 4.0.9, or 4.1.3, in which the issue has been fixed. Until the update is applied, the ability to modify JMS configuration by untrusted users should be restricted or eliminated.

Who is affected

Apache CXF in all versions before 3.6.8, 4.0.9, and 4.1.3 — affects deployments where untrusted users have the ability to configure JMS.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Cxf

    APP
    Apache
    < 3.6.84.0.0 – 4.0.9 (bez)4.1.0 – 4.1.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-49875CRITICAL9.8PL ✓ten sam produkt

Apache CXF: podatność XXE w EndpointReferenceUtils i W3CMultiSchemaFactory

CVE-2026-50628CRITICAL9.8PL ✓ten sam produkt

Apache CXF: błąd logiki w OAuthRequestFilter odwraca weryfikację IP

CVE-2026-50627CRITICAL9.1PL ✓ten sam produkt

Apache CXF: brak weryfikacji pola 'aud' w tokenach JWT (Token Confusion)

CVE-2026-44930CRITICAL9.8ten sam produkt

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow ...

CVE-2024-29736CRITICAL9.1PL ✓ten sam produkt

SSRF w opisie usług WADL w Apache CXF