CVE-2025-48913

CRITICAL LAB

Apache CXF < 3.6.8 - Remote Code Execution via JMS Configuration


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-48913. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains functional exploit code demonstrating CVE-2025-48913, an Apache CXF JMS Transport JNDI Injection vulnerability. It includes multiple PoC scripts that verify the vulnerability, test patch effectiveness, and confirm a bypass in the patched version.

Description

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · Python PoC
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-48913


Classification
Working Poc 100%
Attack Type
SSRF
Complexity
Moderate
Reliability
Reliable
Target: Apache CXF 4.1.2 (vulnerable), 4.1.3 (patched)
No auth needed
Prerequisites: Docker environment · Network access to target · LDAP listener setup
Analyzed by devstral-2 on Mar 04, 2026

References (2)

Core References
Mailing List, Third Party Advisory (vendor advisory):
https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83

Scores

CVSS v3 9.8
EPSS 0.0044
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

EIP LAB
Docker Lab
attacker:   docker pull ghcr.io/exploitintel/cve-2025-48913-attacker:latest
patched:    docker pull ghcr.io/exploitintel/cve-2025-48913-patched:latest
vulnerable: docker pull ghcr.io/exploitintel/cve-2025-48913-vulnerable:latest

Details

CWE
CWE-20
Status published
Products (2)
apache/cxf < 3.6.8
org.apache.cxf/cxf-rt-transports-jms 0 - 3.6.8 (Maven)
Published Aug 08, 2025
Tracked Since Feb 18, 2026