CVE-2025-49656 – org.apache.jena:jena-fuseki

Package

Manager: maven
Name: org.apache.jena:jena-fuseki
Vulnerable Version: >=0 <5.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00141 pctl0.34861

Details

Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

Metadata

Created: 2025-07-21T12:30:34Z
Modified: 2025-07-21T19:38:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-jq2c-m8gg-mqcm/GHSA-jq2c-m8gg-mqcm.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-jq2c-m8gg-mqcm
Finding: F063
Auto approve: 1