PT-2025-33693 · Apache · Apache Commons Ognl

Yyjlf · Published 2025-08-18 · Updated 2025-10-28 · CVE-2025-53192

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Commons OGNL (affected versions not specified; since no fixed release is planned, no version should be assumed safe)
Description: An improper neutralization of expression/command delimiters issue exists in Apache Commons OGNL. When an expression is evaluated through the Ognl.getValue API, the engine parses and evaluates it with the full capabilities of the expression language, including class access and method invocation. The restrictions intended to block dangerous classes and methods are not comprehensive: an attacker who controls the expression text can reach class objects the restrictions do not cover and achieve arbitrary code execution. The precondition is therefore that untrusted input reaches Ognl.getValue as expression text, either directly or through code that builds expressions from it.
Recommendations: The project is retired and no fix is planned. Migrate to an alternative, or, where the library must remain in use, ensure that expression strings passed to Ognl.getValue never originate from untrusted input and restrict access to the instance to trusted users.
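The sink the description refers to, shown as an added illustration that is not part of this advisory or of the Apache Commons OGNL project: a hypothetical handler that evaluates a request-supplied expression with Ognl.getValue, beside the shape the recommendation implies, in which untrusted input only selects a server-side expression and never becomes expression text. Only org.apache.commons.ognl.Ognl, Ognl.getValue and OgnlException are taken from the library; the Report class, the handler names and the allowlist are assumptions made for the example, and no bypass expression is shown.

```java
import java.util.Map;

import org.apache.commons.ognl.Ognl;
import org.apache.commons.ognl.OgnlException;

// Added example, not project code. Shows the attack surface this advisory
// describes: Ognl.getValue evaluates whatever expression it is handed,
// including class access and method invocation, and the engine's built-in
// class/method restrictions are not a complete safeguard.
public class OgnlSinkExample {

    // Hypothetical root object that expressions are evaluated against.
    public static class Report {
        private final String title;
        private final int rows;

        public Report(String title, int rows) {
            this.title = title;
            this.rows = rows;
        }

        public String getTitle() { return title; }
        public int getRows() { return rows; }
    }

    // VULNERABLE pattern: the expression text itself comes from the caller.
    // If userExpression is attacker-controlled (query parameter, form field,
    // message body), the attacker decides what OGNL parses and invokes, and the
    // engine's class/method blocklist is the only barrier to arbitrary code
    // execution. Per the advisory, that blocklist is bypassable.
    public static Object evaluateUntrusted(String userExpression, Report root)
            throws OgnlException {
        return Ognl.getValue(userExpression, root);
    }

    // HARDENED pattern: untrusted input selects a name; the expression text is a
    // server-side constant the caller cannot influence. This is one form of the
    // "find an alternative" advice: no expression language is exposed to the
    // user at all, only a fixed menu of operations. (Hypothetical allowlist.)
    private static final Map<String, String> ALLOWED_EXPRESSIONS = Map.of(
        "title",   "title",
        "rows",    "rows",
        "summary", "title + ' (' + rows + ' rows)'"
    );

    public static Object evaluateSelected(String selector, Report root)
            throws OgnlException {
        String expression = ALLOWED_EXPRESSIONS.get(selector);
        if (expression == null) {
            // Reject outright; never fall back to evaluating the raw input.
            throw new IllegalArgumentException("unknown expression selector: " + selector);
        }
        return Ognl.getValue(expression, root);
    }

    public static void main(String[] args) throws OgnlException {
        Report report = new Report("Q3 totals", 42);

        // Benign call on the sink; with attacker-controlled input this same
        // call is the code-execution vector.
        System.out.println(evaluateUntrusted("title", report));

        // Hardened path: the caller can only pick from the allowlist.
        System.out.println(evaluateSelected("summary", report));
        try {
            // Expression syntax in the selector is not evaluated, only looked up.
            evaluateSelected("title.getClass()", report);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The point of the contrast is where the trust boundary sits: in the first method the boundary is inside the OGNL engine's own restrictions, which this advisory says are incomplete; in the second it is a Map lookup that the caller cannot get past. A code-review grep for every call site of Ognl.getValue (and of parseExpression/setValue) whose expression argument is not a compile-time constant is the practical check for an application that still depends on this retired library.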

Fix

None planned; the project is retired (see Recommendations).

Weakness Enumeration

Related Identifiers

CVE-2025-53192
OPENSUSE-SU-2025:15567-1
OPENSUSE-SU-2025:15568-1
SUSE-SU-2025:03285-1
SUSE-SU-2025:3825-1
SUSE-SU-2025:3827-1
SUSE-SU-2025:3839-1

Affected Products

Apache Commons Ognl
Debian