TencentOS Server 2: apache-commons-vfs (TSSA-2025:0598)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0598 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7247893)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6 IBM. It is, therefore, affected by a vulnerability as referenced in the 7247893 advisory. - Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has ...

Linux Distros Unpatched Vulnerability : CVE-2025-27553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope'...

OESA-2025-1942 apache-commons-vfs security update

Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...

OESA-2025-1940 apache-commons-vfs security update

Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...

Oracle Linux 7 : apache-commons-vfs (ELSA-2025-10548)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10548 advisory. 2.0-11.0.1 - Simplify UriParser Orabug: 38161936CVE-2025-27553 Tenable has extracted the preceding description block directly from the Oracle Linux security...

apache-commons-vfs security update

2.0-11.0.1 - Simplify UriParser Orabug: 38161936CVE-2025-27553...

RHEL 7 : apache-commons-vfs (RHSA-2025:10548)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10548 advisory. Commons VFS provides a single API for accessing various different file systems. It presents a uniform view of the files from various different...

Medium: apache-commons-vfs

Issue Overview: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent ...

OESA-2025-1356 apache-commons-vfs security update

Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...

[SECURITY] [DLA 4111-1] commons-vfs security update

Debian LTS Advisory DLA-4111-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 02, 2025 https://wiki.debian.org/LTS Package : commons-vfs Version : 2.1-2+deb11u1 CVE ID : CVE-2025-27553 Debian Bug : 1101204 Arnout Engelen discovered a Relative Path Traversal...

Debian dla-4111 : libcommons-vfs-java - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4111 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4111-1 [email protected] https://www.debian.org/lts/security/...

openSUSE Security Advisory (SUSE-SU-2025:1022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

apache-commons-vfs2-2.10.0-1.1 on GA media (moderate)

apache-commons-vfs2-2.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14929-1 Rating: moderate Cross-References: CVE-2025-27553 CVE-2025-30474 CVSS scores: CVE-2025-27553 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2025-30474 SUSE : 7.5...

CVE-2025-27553

creationtimestamp| type| source ---|---|--- 2025-03-23 16:50:29+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3ll2p6j3kbl2v 2025-03-23 18:09:21+00:00| seen| https://t.me/cvedetector/20902 2025-03-24 13:05:24+00:00| seen|...

au.com.turingg:turingg-files (=0.0.1), au.com.turingg:turingg-mimak (=1.0.0) +875 more potentially affected by CVE-2025-27553 via org.apache.commons:commons-vfs2 (>=2.0 <=2.1)

org.apache.commons:commons-vfs2 MAVEN version =2.0, =0.0.4, =1.0.0, =1.0.0, =3.6.1, =3.11.0, =1.0-alpha-1, =1.0-alpha-1, =0.5, =0.5.1 and more Source cves: CVE-2025-27553 Source advisory: SNYK:JAVA-ORGAPACHECOMMONS-9511703...

CVE-2025-27553

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...

CVE-2025-27553

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...

CVE-2025-27553 Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...

CVE-2025-27553

CVE-2025-27553: Relative Path Traversal in Apache Commons VFS (FileObject.resolveFile with NameScope.DESCENDENT) can bypass descendent checks when paths contain encoded ".."; affected up to Commons VFS 2.9.x, fixed in 2.10.0. IBM bulletin aligns this vulnerability with IBM Content Collector for S...