CVE-2025-50151

Name: CVE-2025-50151
Description: File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1109807

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| apache-jena (PTS) | bookworm | 4.5.0-2 | vulnerable |
| apache-jena | forky, sid, trixie | 4.9.0-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| apache-jena | source | (unstable) | (unfixed) | | | 1109807 |

Notes

[trixie] - apache-jena <no-dsa> (Minor issue)
[bookworm] - apache-jena <no-dsa> (Minor issue)
https://lists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
