CVE-2025-49656

HIGH

Apache Jena < 5.5.0 - Authenticated Path Traversal via Database File Creation

Title source: llm

Description

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

References (2)

Core 2

Core References

Issue Tracking, Vendor Advisory vendor-advisory

https://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq

Mailing List

http://www.openwall.com/lists/oss-security/2025/07/21/1

Scores

CVSS v3 7.5

EPSS 0.0104

EPSS Percentile 77.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

apache/jena < 5.5.0

org.apache.jena/jena-fuseki 0 - 5.5.0Maven

Published Jul 21, 2025

Tracked Since Feb 18, 2026