PT-2025-29245 · Apache+4 · Apache Commons Lang3+5

Published: 2025-07-11 · Updated: 2026-06-02 · CVE-2025-48924

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Commons Lang versions 2.0 through 2.6; Apache Commons Lang3 versions 3.0 through 3.17.9
Description: The ClassUtils.getClass() method can cause a StackOverflowError when processing excessively long inputs. This error can lead to application termination as errors are typically unhandled.
Recommendations: Upgrade to version 3.18.0.

Exploit · Fix · DoS · Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12843
ALT-PU-2025-13422
AZL-65144
AZL-65181
BDU:2025-08956
CLEANSTART-2026-BG72514
CLEANSTART-2026-CQ39708
CLEANSTART-2026-DD05788
CLEANSTART-2026-DV49899
CLEANSTART-2026-FO41609
CLEANSTART-2026-GE08280
CLEANSTART-2026-GH89210
CLEANSTART-2026-IA43044
CLEANSTART-2026-IW08736
CLEANSTART-2026-JU62349
CLEANSTART-2026-JW30455
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-LZ76508
CLEANSTART-2026-MM00120
CLEANSTART-2026-OQ84658
CLEANSTART-2026-RN56220
CLEANSTART-2026-RZ30606
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-VH41554
CLEANSTART-2026-WG59699
CLEANSTART-2026-WK99982
CVE-2025-48924
DLA-4262-1
DLA-4262-2
DLA-4286-1
DLA-4286-2
ECHO-4C54-3BBA-F75D
GHSA-J288-Q9X7-2F5V
MGASA-2025-0293
OESA-2025-1929
OESA-2025-1971
OESA-2025-1972
OESA-2025-2030
OESA-2025-2031
OESA-2025-2032
OESA-2025-2061
OPENSUSE-SU-2025:15347-1
OPENSUSE-SU-2026:10784-1
OPENSUSE-SU-2026:20841-1
SUSE-SU-2025:02785-1
SUSE-SU-2025:02786-1
SUSE-SU-2025:02818-1
SUSE-SU-2025_02785-1
SUSE-SU-2025_02786-1
SUSE-SU-2025_02818-1
USN-8364-1

Affected Products

Alt Linux
Apache Commons Lang
Apache Commons Lang3
Debian
Red Os
Suse