4.1.x < 4.1.3 RCE (CVE-2025-48913)

Sudhakar Sharma (Jira) Sat, 18 Oct 2025 03:39:43 -0700


    [ 
https://issues.apache.org/jira/browse/KARAF-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18028094#comment-18028094
 ]


Sudhakar Sharma commented on KARAF-8007:
----------------------------------------

In the release notes of KARAF-4.4.8, it is mentioned that it upgraded to 
CXF-3.6.5, which Karaf version is upgraded to CXF-3.6.8?

> To support Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE 
> (CVE-2025-48913)
> --------------------------------------------------------------------------------
>
>                 Key: KARAF-8007
>                 URL: https://issues.apache.org/jira/browse/KARAF-8007
>             Project: Karaf
>          Issue Type: Dependency upgrade
>          Components: karaf
>    Affects Versions: 4.4.8
>            Reporter: Sudhakar Sharma
>            Priority: Major
>
> Can we mitigate the below critical CVE after upgrading to CXF-3.6.8?
> Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KARAF-8007) To support Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)

Reply via email to