CVE-2025-46295 - Critical Severity Vulnerability
Vulnerable Library - commons-text-1.8.jar
Apache Commons Text is a library focused on algorithms working on strings.
Library home page: https://www.apache.org/
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
Dependency Hierarchy:
- mule-http-connector-1.5.23-mule-plugin.jar (Root Library)
- ❌ commons-text-1.8.jar (Vulnerable Library)
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Vulnerability Details
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
Publish Date: 2025-12-16
URL: CVE-2025-46295
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://support.claris.com/s/answerview?anum=000049059&language=en_US
Release Date: 2025-12-16
Fix Resolution: org.apache.commons:commons-text:1.10.0
CVE-2025-46295 - Critical Severity Vulnerability
Apache Commons Text is a library focused on algorithms working on strings.
Library home page: https://www.apache.org/
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/apache/commons/commons-text/1.8/commons-text-1.8.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
Publish Date: 2025-12-16
URL: CVE-2025-46295
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://support.claris.com/s/answerview?anum=000049059&language=en_US
Release Date: 2025-12-16
Fix Resolution: org.apache.commons:commons-text:1.10.0