CVE-2025-30474 Information
Mar 24, 2025
cve
Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.
The FtpFileObject class can throw an exception when a file is not found revealing the original URI in its message which may include a password. The fix is to mask the password in the exception message This issue affects Apache Commons VFS: before 2.10.0.
Users are recommended to upgrade to version 2.10.0 which fixes the issue.
Reference
http://www.openwall.com/lists/oss-security/2025/03/23/2 https://issues.apache.org/jira/browse/VFS-169 https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4
Share on: