Published: 2025/07/30 Last Updated: 2025/07/30
JVN#90566559
Apache Jena Fuseki vulnerable to path traversal
Overview
Jena Fuseki provided by The Apache Software Foundation contains a path traversal vulnerability.
Products Affected
- Jena Fuseki versions prior to 5.5.0
Description
Jena Fuseki provided by The Apache Software Foundation contains the following vulnerability.
- Path traversal (CWE-22)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N Base Score 2.7
- CVE-2025-49656
Impact
A remote unauthenticated attacker may create a ttl file with an arbitrary name in an arbitrary directory.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Link |
Apache Software Foundation | CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to the developer and IPA.
After the coordination between the reporter and the developer, JPCERT/CC coordinated with the developer to publish this advisory under Information Security Early Warning Partnership.
Other Information
JVN iPedia | JVNDB-2025-000054 |