ID

VAR-202507-3389


CVE

CVE-2025-49656


TITLE

Apache Jena Fuseki Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054

DESCRIPTION

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue. A remote third party can create a directory with any name. ttl The file may be created

Trust: 1.62

sources: NVD: CVE-2025-49656 // JVNDB: JVNDB-2025-000054

AFFECTED PRODUCTS

vendor:apachemodel:jenascope:ltversion:5.5.0

Trust: 1.0

vendor:apachemodel:jena fusekiscope:ltversion:5.5.0 earlier

Trust: 0.8

vendor:apachemodel:jena fusekiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054 // NVD: CVE-2025-49656

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-49656
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-49656
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-49656

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054 // NVD: CVE-2025-49656

PATCH

title:Apache Jenaurl:https://jvn.jp/jp/JVN90566559/995617/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054

EXTERNAL IDS

db:NVDid:CVE-2025-49656

Trust: 2.6

db:OPENWALLid:OSS-SECURITY/2025/07/21/1

Trust: 1.0

db:JVNid:JVN90566559

Trust: 0.8

db:JVNDBid:JVNDB-2025-000054

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054 // NVD: CVE-2025-49656

REFERENCES

url:https://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq

Trust: 1.0

url:http://www.openwall.com/lists/oss-security/2025/07/21/1

Trust: 1.0

url:https://jvn.jp/jp/jvn90566559/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-49656

Trust: 0.8

sources: JVNDB: JVNDB-2025-000054 // NVD: CVE-2025-49656

SOURCES

db:JVNDBid:JVNDB-2025-000054
db:NVDid:CVE-2025-49656

LAST UPDATE DATE

2026-07-08T23:38:50.978000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-000054date:2026-07-07T09:24:00
db:NVDid:CVE-2025-49656date:2025-11-04T22:16:18.450

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-000054date:2025-07-30T00:00:00
db:NVDid:CVE-2025-49656date:2025-07-21T10:15:25.440