{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-50151", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-06-13T16:13:26.895Z", "datePublished": "2025-07-21T09:32:30.334Z", "dateUpdated": "2025-07-21T14:41:06.294Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Jena", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "5.4.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>File access paths in configuration files uploaded by users with administrator access are not validated.</div><div><p>This issue affects Apache Jena version up to 5.4.0.</p><p>Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.</p><br></div>"}], "value": "File access paths in configuration files uploaded by users with administrator access are not validated.\n\nThis issue affects Apache Jena version up to 5.4.0.\n\nUsers are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-07-21T09:32:30.334Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Jena: Configuration files uploaded by administrative users are not check properly", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-21T14:40:14.417556Z", "id": "CVE-2025-50151", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T14:41:06.294Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-50151", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-21T14:40:14.417556Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-21T14:40:28.861Z"}}], "cna": {"title": "Apache Jena: Configuration files uploaded by administrative users are not check properly", "source": {"discovery": "UNKNOWN"}, "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "important"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Jena", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.4.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "File access paths in configuration files uploaded by users with administrator access are not validated.\n\nThis issue affects Apache Jena version up to 5.4.0.\n\nUsers are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.", "supportingMedia": [{"type": "text/html", "value": "<div>File access paths in configuration files uploaded by users with administrator access are not validated.</div><div><p>This issue affects Apache Jena version up to 5.4.0.</p><p>Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.</p><br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-07-21T09:32:30.334Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50151", "state": "PUBLISHED", "dateUpdated": "2025-07-21T14:41:06.294Z", "dateReserved": "2025-06-13T16:13:26.895Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-07-21T09:32:30.334Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "File access paths in configuration files uploaded by users with administrator access are not validated.\n\nThis issue affects Apache Jena version up to 5.4.0.\n\nUsers are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload."}], "id": "CVE-2025-50151", "lastModified": "2025-07-22T13:06:07.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-21T10:15:25.837", "references": [{"source": "[email protected]", "url": "https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "[email protected]", "type": "Secondary"}]}

{}