Vulnerability-Lookup

WID-SEC-W-2025-2369

Vulnerability from csaf_certbund - Published: 2025-10-21 22:00 - Updated: 2025-10-21 22:00

Summary

Oracle Utilities Applications: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - Sonstiges - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Utilities Applications ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Utilities Applications ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2369 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2369.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2369 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2369"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - October 2025 - Appendix Oracle Utilities Applications vom 2025-10-21",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixUTIL"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Utilities Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-21T22:00:00.000+00:00",
      "generator": {
        "date": "2025-10-22T10:38:26.731+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2369",
      "initial_release_date": "2025-10-21T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-21T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.3.0.5.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.3.0.5.0",
                  "product_id": "T047934",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.3.0.5.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.3.0.6.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.3.0.6.0",
                  "product_id": "T047935",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.3.0.6.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.0.0",
                  "product_id": "T047936",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.2.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.2.0",
                  "product_id": "T047937",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.3.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.3.0",
                  "product_id": "T047938",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.3.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.4.0.4.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.4.0.4.0",
                  "product_id": "T047939",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.4.0.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.0.0",
                  "product_id": "T047940",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.1.1",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.1.1",
                  "product_id": "T047941",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.1.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.1.3",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.1.3",
                  "product_id": "T047942",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.1.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.5.0.2.0",
                "product": {
                  "name": "Oracle Utilities Applications 4.5.0.2.0",
                  "product_id": "T047943",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:4.5.0.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.2.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 24.2.0.0.0",
                  "product_id": "T047944",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:24.2.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "24.3.0.0.0",
                "product": {
                  "name": "Oracle Utilities Applications 24.3.0.0.0",
                  "product_id": "T047945",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:24.3.0.0.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.4",
                "product": {
                  "name": "Oracle Utilities Applications 25.4",
                  "product_id": "T047946",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:25.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "25.1",
                "product": {
                  "name": "Oracle Utilities Applications 25.10",
                  "product_id": "T047947",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:utilities:25.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Utilities Applications"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-48734",
      "product_status": {
        "known_affected": [
          "T047939",
          "T047944",
          "T047934",
          "T047945",
          "T047942",
          "T047943",
          "T047937",
          "T047938",
          "T047935",
          "T047946",
          "T047936",
          "T047947",
          "T047940",
          "T047941"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48976",
      "product_status": {
        "known_affected": [
          "T047939",
          "T047944",
          "T047934",
          "T047945",
          "T047942",
          "T047943",
          "T047937",
          "T047938",
          "T047935",
          "T047946",
          "T047936",
          "T047947",
          "T047940",
          "T047941"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-53864",
      "product_status": {
        "known_affected": [
          "T047939",
          "T047944",
          "T047934",
          "T047945",
          "T047942",
          "T047943",
          "T047937",
          "T047938",
          "T047935",
          "T047946",
          "T047936",
          "T047947",
          "T047940",
          "T047941"
        ]
      },
      "release_date": "2025-10-21T22:00:00.000+00:00",
      "title": "CVE-2025-53864"
    }
  ]
}

CVE-2025-48976 (GCVE-0-2025-48976)

Vulnerability from cvelistv5 – Published: 2025-06-16 15:00 – Updated: 2025-11-03 20:05

Title

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Summary

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Severity ?

No CVSS data available.

CWE

Allocation of resources with insufficient limits

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/fbs3wrr3p67vkjcxo…

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Commons FileUpload

Affected: 1.0 , < 1.6 (semver)

Apache Software Foundation

Apache Commons FileUpload

Affected: 2.0.0-M1 , < 2.0.0-M4 (semver)

Credits

TERASOLUNA Framework Security Team of NTT DATA Group Corporation

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:05:02.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/06/16/4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-17T14:04:56.145891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T14:07:34.067Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-fileupload:commons-fileupload",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.6",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-fileupload2",
          "product": "Apache Commons FileUpload",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M4",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "TERASOLUNA Framework Security Team of NTT DATA Group Corporation"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAllocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Allocation of resources with insufficient limits",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-16T15:00:48.140Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48976",
    "datePublished": "2025-06-16T15:00:48.140Z",
    "dateReserved": "2025-05-29T07:19:14.431Z",
    "dateUpdated": "2025-11-03T20:05:02.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-48734 (GCVE-0-2025-48734)

Vulnerability from cvelistv5 – Published: 2025-05-28 13:32 – Updated: 2025-11-03 20:04

Title

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Summary

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org.apache.commons:commons-beanutils2 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c…

vendor-advisory

Impacted products

Vendor

Product

Version

Apache Software Foundation

Apache Commons BeanUtils 1.x

Affected: 1.0 , < 1.11.0 (maven)

Apache Software Foundation

Apache Commons BeanUtils 2.x

Affected: 2.0.0-M1 , < 2.0.0-M2 (maven)

Credits

Raj (mailto:denesh.raj@zohocorp.com) Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-24T03:55:15.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:04:56.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/28/6"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "commons-beanutils:commons-beanutils",
          "product": "Apache Commons BeanUtils 1.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "1.11.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "maven"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.commons:commons-beanutils2",
          "product": "Apache Commons BeanUtils 2.x",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.0.0-M2",
              "status": "affected",
              "version": "2.0.0-M1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Raj (mailto:denesh.raj@zohocorp.com)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T13:32:08.300Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-48734",
    "datePublished": "2025-05-28T13:32:08.300Z",
    "dateReserved": "2025-05-23T12:30:32.006Z",
    "dateUpdated": "2025-11-03T20:04:56.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53864 (GCVE-0-2025-53864)

Vulnerability from cvelistv5 – Published: 2025-07-11 00:00 – Updated: 2025-09-23 18:38

Summary

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE

CWE-674 - Uncontrolled Recursion

Assigner

mitre

References

URL

Tags

	https://bitbucket.org/connect2id/nimbus-jose-jwt/…
	https://github.com/google/gson/compare/gson-paren…
	https://github.com/google/gson/commit/1039427ff01…
	https://bitbucket.org/connect2id/nimbus-jose-jwt/…
	https://bitbucket.org/connect2id/nimbus-jose-jwt/…

Impacted products

	Vendor	Product	Version
	Connect2id	Nimbus JOSE+JWT	Affected: 0 , < 10.0.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53864",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:28:35.322634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:28:38.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Nimbus JOSE+JWT",
          "vendor": "Connect2id",
          "versions": [
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T18:38:15.547Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
        },
        {
          "url": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0"
        },
        {
          "url": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b"
        },
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c"
        },
        {
          "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-53864",
    "datePublished": "2025-07-11T00:00:00.000Z",
    "dateReserved": "2025-07-11T00:00:00.000Z",
    "dateUpdated": "2025-09-23T18:38:15.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2369

CVE-2025-48976 (GCVE-0-2025-48976)

CVE-2025-48734 (GCVE-0-2025-48734)

CVE-2025-53864 (GCVE-0-2025-53864)

Tags

Sightings

Nomenclature