The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-05-22
Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
CVSS Score
5.3
EPSS Score
0.002
Published
2026-05-22
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-05-22
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.
Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-08-08
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
CVSS Score
5.9
EPSS Score
0.001
Published
2025-01-21
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
CVSS Score
7.5
EPSS Score
0.012
Published
2024-07-19
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-07-19
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-07-19