PT-2025-20548 · Apache · Apache Commons Configuration

Arnout Engelen · Published 2025-05-09 · Updated 2026-05-18 · CVE-2025-46392

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 1.x
Description: Apache Commons Configuration 1.x is affected by Uncontrolled Resource Consumption. Loading an untrusted configuration, or using the library in unexpected usage patterns, can consume excessive CPU or memory and result in denial of service. Users who load configurations from untrusted sources, or who let an attacker influence how the library is used, are at risk. The number of potentially affected installations worldwide is not specified, and no real-world exploitation of this issue has been reported.
Recommendations: For Apache Commons Configuration 1.x, migrate to the 2.x release line, which fixes these issues. Apache Commons Configuration 2.x lives in the package org.apache.commons.configuration2 and is published as the Maven artifact org.apache.commons:commons-configuration2, while 1.x uses the package org.apache.commons.configuration and the artifact commons-configuration:commons-configuration. Because of this, 2.x is not a drop-in replacement, but both versions can be present on the classpath at the same time, which makes a gradual migration possible.
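The side-by-side arrangement the recommendation relies on, as an added example that is not part of this advisory or of the Apache Commons Configuration project: one properties file is read through the 1.x API and through the 2.x API in the same JVM, and the results are compared so a partially migrated code base has a regression check. Both artifacts must be on the classpath (commons-configuration:commons-configuration for 1.x and org.apache.commons:commons-configuration2 for 2.x). The class name, the temporary file and the key names are assumptions made for the example.

```java
// Added example, not code from the advisory or the Apache project.
// Reads the same properties file with Commons Configuration 1.x and 2.x in one JVM,
// which is possible because the two release lines use different Java packages.
// Fully qualified class names are used on purpose to make the package split visible.

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

public class SideBySideMigration {

    /** Legacy path: Commons Configuration 1.x (package org.apache.commons.configuration). */
    static String readWithLegacy(File file)
            throws org.apache.commons.configuration.ConfigurationException {
        org.apache.commons.configuration.PropertiesConfiguration legacy =
                new org.apache.commons.configuration.PropertiesConfiguration(file);
        return legacy.getString("service.name");
    }

    /** Migrated path: Commons Configuration 2.x (package org.apache.commons.configuration2). */
    static String readWithCurrent(File file)
            throws org.apache.commons.configuration2.ex.ConfigurationException {
        org.apache.commons.configuration2.builder.fluent.Configurations configs =
                new org.apache.commons.configuration2.builder.fluent.Configurations();
        org.apache.commons.configuration2.Configuration current = configs.properties(file);
        return current.getString("service.name");
    }

    /** Writes a constructed sample properties file so the example runs offline. */
    static File writeSampleConfig() throws IOException {
        File file = File.createTempFile("app", ".properties");
        file.deleteOnExit();
        try (FileWriter w = new FileWriter(file)) {
            w.write("service.name = inventory\n");
            w.write("service.port = 8080\n");
        }
        return file;
    }

    public static void main(String[] args) throws Exception {
        File file = writeSampleConfig();

        // During a gradual migration, code paths still on 1.x and code paths already
        // on 2.x must agree on what the configuration says.
        String fromLegacy = readWithLegacy(file);
        String fromCurrent = readWithCurrent(file);
        System.out.println("1.x -> " + fromLegacy);
        System.out.println("2.x -> " + fromCurrent);
        if (!fromLegacy.equals(fromCurrent)) {
            throw new IllegalStateException("migration regression: 1.x and 2.x disagree");
        }
    }
}
```

Once every caller has been moved to readWithCurrent and its 2.x equivalents, the 1.x artifact can be removed from the build, which is the point at which the vulnerable code is actually gone from the deployment.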

Tags: Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2025-15579
CLEANSTART-2026-DD05788
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-RN56220
CLEANSTART-2026-VH41554
CVE-2025-46392
GHSA-PVP8-3XJ6-8C6X

Affected Products

Apache Commons Configuration
Debian
Red Os