4.1.x < 4.1.3 RCE (CVE-2025-48913)

Jira Fri, 17 Oct 2025 20:01:05 -0700


    [ 
https://issues.apache.org/jira/browse/KARAF-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18028099#comment-18028099
 ]


Jean-Baptiste Onofré commented on KARAF-8007:
---------------------------------------------

Karaf 4.4.9 will include the update (again for example/tests).

> To support Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE 
> (CVE-2025-48913)
> --------------------------------------------------------------------------------
>
>                 Key: KARAF-8007
>                 URL: https://issues.apache.org/jira/browse/KARAF-8007
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.8
>            Reporter: Sudhakar Sharma
>            Priority: Major
>
> Can we mitigate the below critical CVE after upgrading to CXF-3.6.8?
> Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-8007) To support Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)

Reply via email to