CVE-2025-50151 - Vulnerability Details

File access paths in configuration files uploaded by users with administrator access are not validated.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00224.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apache	Jena

Configuration 1 [-]

cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Apache	Jena

Advisories

Source	ID	Title
EUVD	EUVD-2025-22072	Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
Github GHSA	GHSA-xg9p-p463-3qjp	Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
https://nvd.nist.gov/vuln/detail/CVE-2025-50151
https://www.cve.org/CVERecord?id=CVE-2025-50151

History

Tue, 29 Jul 2025 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:apache:jena::::::::

Tue, 29 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-50151 https://www.cve.org/CVERecord?id=CVE-2025-50151
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 22 Jul 2025 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache jena
Vendors & Products		Apache Apache jena

Mon, 21 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 21 Jul 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
Title		Apache Jena: Configuration files uploaded by administrative users are not check properly
Weaknesses		CWE-20
References		https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2025-07-21T09:32:30.334Z

Updated: 2025-07-21T14:41:06.294Z

Reserved: 2025-06-13T16:13:26.895Z

Link: CVE-2025-50151

Vulnrichment

Updated: 2025-07-21T14:40:28.861Z

NVD

Status : Analyzed

Published: 2025-07-21T10:15:25.837

Modified: 2025-07-29T14:22:30.567

Link: CVE-2025-50151

Redhat

Severity : Moderate

Publid Date: 2025-07-21T09:32:30Z

Links: CVE-2025-50151 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-22T10:01:23Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object