INFSA-2025:9166: apache-commons-beanutils security update
Information about definition
Identifier: INFSA-2025:9166
Type: security
Release date: 2025-07-15 19:22:37 UTC
Information about package
The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.
Vulnerabilities description
- CVE-2025-48734
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
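An added example, not part of the advisory or of Apache Commons BeanUtils: an allow-list check applied to an externally supplied property path before it is passed to getProperty() or getNestedProperty(). The class name, the allowed property names and the sample paths are assumptions constructed for illustration; the code uses only the JDK.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Allow-list check for externally supplied BeanUtils-style property paths. */
public class PropertyPathGuard {
    // Property names callers may read (hypothetical, constructed for this example).
    private static final Set<String> ALLOWED =
            Set.of("customer", "name", "address", "city", "orders", "status");

    // One path segment: a name, optionally followed by an [index] or (key) suffix.
    private static final Pattern SEGMENT =
            Pattern.compile("([A-Za-z_][A-Za-z0-9_]*)(\\[\\d+\\]|\\([A-Za-z0-9_]+\\))?");

    /** Returns true only if every segment of the path names an allowed property. */
    public static boolean isAllowed(String path) {
        if (path == null || path.isEmpty() || path.length() > 256) {
            return false;
        }
        // Limit -1 keeps empty segments so "a..b" and "a." are rejected below.
        for (String segment : path.split("\\.", -1)) {
            Matcher m = SEGMENT.matcher(segment);
            if (!m.matches() || !ALLOWED.contains(m.group(1))) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample paths, as they might arrive in a request parameter.
        List<String> samples = List.of(
                "customer.name",
                "customer.orders[0].status",
                "customer.orders[0].status.declaredClass",
                "customer.class",
                "customer..name");
        for (String p : samples) {
            // Only paths reported as ALLOW should ever reach getProperty().
            System.out.println((isAllowed(p) ? "ALLOW  " : "REJECT ") + p);
        }
    }
}
```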
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-48734 | no information | 8.8 | no information |
Updated packages