{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-50151","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2025-06-13T16:13:26.895Z","datePublished":"2025-07-21T09:32:30.334Z","dateUpdated":"2025-11-04T21:11:34.502Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache Jena","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"5.4.0","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>File access paths in configuration files uploaded by users with administrator access are not validated.</div><div><p>This issue affects Apache Jena version up to 5.4.0.</p><p>Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.</p><br></div>"}],"value":"File access paths in configuration files uploaded by users with administrator access are not validated.\n\nThis issue affects Apache Jena version up to 5.4.0.\n\nUsers are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload."}],"metrics":[{"other":{"content":{"text":"important"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2025-07-21T09:32:30.334Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss"}],"source":{"discovery":"UNKNOWN"},"title":"Apache Jena: Configuration files uploaded by administrative users are not check properly","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-07-21T14:40:14.417556Z","id":"CVE-2025-50151","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-21T14:41:06.294Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/07/21/2"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T21:11:34.502Z"}}]}}