CNNVD-202509-1097 Information

CNNVD ID

CNNVD-202509-1097

CVE-2025-58782

  • CNNVD Published: 2025-09-08

Description (Chinese)

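Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are both products of the Apache Foundation. Apache Jackrabbit Core is a content repository core. Apache Jackrabbit JCR Commons is a general-purpose utility library. Apache Jackrabbit Core versions 1.0.0 through 2.22.1 and Apache Jackrabbit JCR Commons versions 1.0.0 through 2.22.1 contain a security vulnerability that stems from deserialization of untrusted data and may lead to arbitrary code execution.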

Description (English)

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are products of the Apache Foundation. Apache Jackrabbit Core is the core of a content repository. Apache Jackrabbit JCR Commons is a common utility library. A security vulnerability exists in Apache Jackrabbit Core versions 1.0.0 to 2.22.1 and Apache Jackrabbit JCR Commons versions 1.0.0 to 2.22.1. It stems from the deserialization of untrusted data and may lead to the execution of arbitrary code.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Apache Friends

Published

2025-09-08

Last Modified

2026-02-24

References

https://lists.apache.org/thread/t4wdrost6dh17dh406g792j9wq6xmy6v

https://access.redhat.com/security/cve/cve-2025-58782

Patch

https://jackrabbit.apache.org/jcr/index.html
