CVE-2025-49656
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-11-04
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | jena | to 5.5.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows users with administrator access to create database files outside the designated files area of the Fuseki server in Apache Jena versions up to 5.4.0. This means that administrators can place database files in unauthorized locations on the server.
How can this vulnerability impact me? :
The vulnerability could lead to potential security risks such as unauthorized file placement, which might be exploited to bypass security controls, cause data integrity issues, or affect server operation by placing files in unexpected locations.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Apache Jena to version 5.5.0 or later, as this version fixes the vulnerability allowing administrator users to create database files outside the designated files area.