CVE-2025-49656
MEDIUM4.9EPSS 1.0%Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server
Published: 7/21/2025Modified: 4/28/2026
Description
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.
Affected packages (2)
- Debian/apache-jenafrom 0
- Maven/org.apache.jena:jena-fusekifrom 0, < 5.5.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-49656
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-49656
- PATCHhttps://github.com/apache/jena
- WEBhttps://github.com/apache/jena/commit/03c5265910aa3a27907bf54f6b4aaae3409afa4f
- WEBhttps://github.com/apache/jena/commit/35350569b4c1fd432d92e7c92af9597c4400debe
- WEBhttps://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq
- WEBhttp://www.openwall.com/lists/oss-security/2025/07/21/1