The vulnerability of the FtpFileObject class, a common API for accessing various file systems through Apache Commons VFS, allows attackers to gain unauthorized access to protected information.

🗓️ 03 Jun 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

FtpFileObject vulnerability in Apache Commons VFS enables unauthorized access to protected data.

Reporter	Title	Published	Views	Family All 37
IBM Security Bulletins	Security Bulletin: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS, which affects IBM watsonx.data	1 Sep 202514:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment	14 Oct 202518:10	–	ibm
Tenable Nessus	Amazon Linux 2 : apache-commons-vfs (ALAS-2025-2819)	17 Apr 202500:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : apache-commons-vfs2 (SUSE-SU-2025:1022-1)	27 Mar 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-30474	27 Aug 202500:00	–	nessus
Amazon	Important: apache-commons-vfs	16 Apr 202500:00	–	amazon
Amazon	Important: apache-commons-vfs	16 Apr 202500:00	–	amazon
Circl	CVE-2025-30474	23 Mar 202516:50	–	circl
CNNVD	Apache Commons VFS 安全漏洞	23 Mar 202500:00	–	cnnvd
CNVD	Apache Commons VFS Information Disclosure Vulnerability	27 Mar 202500:00	–	cnvd

Vulners

Node

apache commons_vfs_(virtual_file_system)Range<2.10.0

Source	Link
openwall	www.openwall.com/lists/oss-security/2025/03/23/2
issues	www.issues.apache.org/jira/browse/VFS-169
lists	www.lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4
access	www.access.redhat.com/security/cve/CVE--2025-30474
web	www.web.nvd.nist.gov/view/vuln/detail

13 Aug 2025 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 37.5

CVSS 27.8

EPSS0.00109

FtpFileObject Apache Commons unauthorized access protected data