PT-2025-51764 · Apache+2 · Apache Commons Text+2
Published: 2025-12-16 · Updated: 2026-02-24
CVE-2025-46295
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Commons Text versions prior to 1.10.0
FileMaker Server versions prior to 22.0.4
Description
Apache Commons Text versions prior to 1.10.0 contain interpolation features that could be exploited when applications process untrusted input using the text-substitution API. Certain interpolators can trigger actions, including executing commands or accessing external resources, potentially allowing an attacker to achieve remote code execution. The vulnerability has been addressed in FileMaker Server 22.0.4.
Recommendations
Apache Commons Text versions prior to 1.10.0: Update to version 1.10.0 or later.
FileMaker Server versions prior to 22.0.4: Update to version 22.0.4 or later.
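To act on the recommendation above, the following added example (not part of the original advisory or of either vendor's tooling) inventories Java archives for bundled copies of Apache Commons Text older than 1.10.0, including copies nested inside fat jars. It assumes each copy still carries its standard Maven metadata file; the archive names and sample contents are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata path shipped inside commons-text jars (assumes it was not stripped).
POM = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
FIXED = (1, 10, 0)  # first fixed release, per the advisory

def parse_version(text):
    """Turn '1.9' or '1.10.0-SNAPSHOT' into a comparable tuple padded to 3 parts."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def scan_archive(data, label, depth=0, max_depth=4):
    """Return [(path, version, vulnerable)] for every commons-text copy found."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive, nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    ver = m.group(1).strip()
                    findings.append((label, ver, parse_version(ver) < FIXED))
            elif name.lower().endswith((".jar", ".war", ".ear")) and depth < max_depth:
                # Recurse into nested archives (e.g. BOOT-INF/lib in a fat jar).
                findings += scan_archive(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return findings

def make_jar(entries):
    """Build an in-memory archive from {name: bytes}; only used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    # Constructed sample: a fat jar bundling one old and one fixed copy.
    old = make_jar({POM: b"groupId=org.apache.commons\nartifactId=commons-text\nversion=1.9\n"})
    new = make_jar({POM: b"version=1.10.0\n"})
    app = make_jar({"BOOT-INF/lib/commons-text-1.9.jar": old, "BOOT-INF/lib/commons-text-1.10.0.jar": new})
    return scan_archive(app, "app.jar")

if __name__ == "__main__":
    for path, ver, vuln in demo():
        print("VULNERABLE" if vuln else "ok", ver, path)
```

Copies that were shaded with their `META-INF` metadata removed will not be found this way and need a class-level or SBOM-based check instead.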
Fix
RCE
Code Injection
Affected Products
Apache Commons Text
FileMaker Server
Red Os