openSUSE Security Advisory (SUSE-SU-2025:01815-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: Red Hat build of Cryostat 4.0.1: new RHEL 9 container image security update

New Red Hat build of Cryostat 4.0.1 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE SLES15 / openSUSE 15 Security Update : apache-commons-beanutils (SUSE-SU-2025:01815-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01815-1 advisory. Update to 1.11.0 - CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog:...

Security update for apache-commons-beanutils

This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.htmla1.11.0 Patch Instructions: To install this SUSE...

SUSE-SU-2025:01815-1 Security update for apache-commons-beanutils

This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 - CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.htmla1.11.0...

Improper Access Control

Apache Commons BeanUtils is vulnerable to Improper Access Control. The vulnerability is due to insecure property access due to failure to restrict access to the declaredClass property of Java enums, allowing attackers to access the classloader and potentially execute arbitrary code...

Apache Commons BeanUtils 1.x < 1.11.0, 2.0.0-M1 < 2.0.0-M2 Improper Access Control Vulnerability

The Apache Commons BeanUtils library is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

OPENSUSE-SU-2025:15175-1 apache-commons-beanutils-1.11.0-1.1 on GA media

These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed...

com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)

org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...

au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)

commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview commons-beanutils:commons-beanutils is a provides an easy-to-use but flexible wrapper around reflection and introspection. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the getProperty and...

au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)

commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...

com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)

org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...

DEBIAN-CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

UBUNTU-CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVE-2025-48734

The CVE-2025-48734 entry describes an Improper Access Control in Apache Commons BeanUtils. A BeanIntrospector was added (default-off in older behavior) to suppress the enum-declaredClass property access that could reveal a ClassLoader when external property paths are passed to PropertyUtilsBean.g...

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

PT-2025-23085

Name of the Vulnerable Software and Affected Versions Apache Commons BeanUtils versions 1.x before 1.11.0 Apache Commons BeanUtils versions 2.x before 2.0.0-M2 Description The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813-vulhub POC script for the vulhub environment of...