PT-2025-29446 · Apache · Apache Jackrabbit
Adam Kues
Published 2025-07-14 · Updated 2026-01-20
CVE-2025-53689
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Apache Jackrabbit versions prior to 2.23.2
Description:
The software contains blind XXE (XML External Entity) vulnerabilities in jackrabbit-spi-commons and jackrabbit-core, caused by an insecurely configured document builder being used to load privileges.
Recommendations:
Upgrade to version 2.20.17 (Java 8).
Upgrade to version 2.22.1 (Java 11).
Upgrade to version 2.23.2 (Java 11, beta versions).
Tags: Fix · DoS · XXE
Affected Products: Apache Jackrabbit, Confluence, Debian