Apache Jena: Administrative users can create files outside the server...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Users with administrator access can create databases files outside the files area of the Fuseki server.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which fixes the issue.

Basic Information

ID CVE-2025-49656

Source apache

Published Jul 21, 2025 at 09:30

Modified Jul 21, 2025 at 14:47

Affected Product

Vendor Apache Software Foundation

Product Apache Jena

Affected Versions Apache Software Foundation Apache Jena 0

CWE Classification

CWE-22

References

lists.apache.org /thread/qmm21som8zct813vx6dfd1phnfro6mwq

{
    "lastseen": "",
    "description": "Users with administrator access can create databases files outside the files area of the Fuseki server.\n\nThis issue affects Apache Jena version up to 5.4.0.\n\nUsers are recommended to upgrade to version 5.5.0, which fixes the issue.",
    "published": "2025-07-21T09:30:32.715Z",
    "modified": "2025-07-21T14:47:08.462Z",
    "type": "cve",
    "title": "Apache Jena: Administrative users can create files outside the server directory space via the admin UI",
    "source": "apache",
    "references": "https://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq",
    "id": "CVE-2025-49656",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Jena 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Jena",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache Jena: Administrative users can create files outside the server directory space via the admin UI_CVE-2025-49656