CVE-2025-48382

Name of the Vulnerable Software and Affected Versions Fess versions prior to 14.19.2

Description The issue primarily affects environments where Fess is deployed in a shared or multi-user context, potentially leading to information disclosure. This could allow unauthorized local users to access sensitive data contained in temporary files created by the createTempFile() method in org.codelibs.fess.helper.SystemHelper. Typical single-user or isolated deployments have minimal or negligible practical impact.

Recommendations For versions prior to 14.19.2, update to version 14.19.2 to resolve the issue. As a temporary workaround, consider restricting local access to the environment running Fess to trusted users only.