{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:25:46.973","vulnerabilities":[{"cve":{"id":"CVE-2025-48913","sourceIdentifier":"security@apache.org","published":"2025-08-08T10:15:25.663","lastModified":"2025-11-04T22:16:17.657","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities.  This interface is now restricted to reject those protocols, removing this possibility.\n\nUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."},{"lang":"es","value":"Si se permite a usuarios no confiables configurar JMS para Apache CXF, anteriormente podían usar URL RMI o LDAP, lo que podría generar capacidades de ejecución de código. Esta interfaz ahora está restringida para rechazar dichos protocolos, eliminando esta posibilidad. \nSe recomienda a los usuarios actualizar a las versiones 3.6.8, 4.0.9 o 4.1.3, que solucionan este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.8","matchCriteriaId":"9DBCF1F5-333E-4307-ACC5-928C778200FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.9","matchCriteriaId":"326D5496-A8EB-4B4B-B489-CCD4936B6E3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.1.3","matchCriteriaId":"737DD9AE-43EC-4D4E-89C6-C84A3FF1A260"}]}]}],"references":[{"url":"https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/08/07/2","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}