CVE-2025-48913

CRITICAL LAB

Apache CXF <3.6.8-4.1.3 - RCE

Title source: llm

Description

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-48913

View Code ZIP pw:eip

References (2)

[Mailing List, Third Party Advisory] https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83

[Mailing List] http://www.openwall.com/lists/oss-security/2025/08/07/2

Scores

CVSS v3 9.8

EPSS 0.0019

EPSS Percentile 40.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

EIP LAB

Docker Lab

attacker docker pull ghcr.io/exploitintel/cve-2025-48913-attacker:latest

patched docker pull ghcr.io/exploitintel/cve-2025-48913-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-48913-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-20

Status published

Products (2)

apache/cxf < 3.6.8

org.apache.cxf/cxf-rt-transports-jms 0 - 3.6.8Maven

Published Aug 08, 2025

Tracked Since Feb 18, 2026