CVE-2025-49656

HIGH

Apache Jena < 5.5.0 - Path Traversal

Title source: rule

Description

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

References (2)

[Issue Tracking, Vendor Advisory] https://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq

[Mailing List] http://www.openwall.com/lists/oss-security/2025/07/21/1

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

apache/jena < 5.5.0

org.apache.jena/jena-fuseki < 5.5.0Maven

Timeline

Published Jul 21, 2025

Tracked Since Feb 18, 2026