CVE-2025-50151

HIGH

Apache Jena <5.4.0 - Info Disclosure

Title source: llm

Description

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

References (2)

[Issue Tracking, Vendor Advisory] https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss

[Mailing List] http://www.openwall.com/lists/oss-security/2025/07/21/2

Scores

CVSS v3 8.8

EPSS 0.0030

EPSS Percentile 52.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20

Status published

Affected Products (2)

apache/jena < 5.5.0

org.apache.jena/jena < 5.5.0Maven

Timeline

Published Jul 21, 2025

Tracked Since Feb 18, 2026