Improper Access Control

🗓️ 24 Jul 2025 05:27:55Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 4 Views

Apache Jena has a vulnerability due to improper access control allowing file creation outside intended directories.

Reporter	Title	Published	Views	Family All 23
Circl	CVE-2025-49656	21 Jul 202510:52	–	circl
CNNVD	Apache Jena 安全漏洞	21 Jul 202500:00	–	cnnvd
CNVD	Apache Jena Path Traversal Vulnerability	23 Jul 202500:00	–	cnvd
CVE	CVE-2025-49656	21 Jul 202509:30	–	cve
Cvelist	CVE-2025-49656 Apache Jena: Administrative users can create files outside the server directory space via the admin UI	21 Jul 202509:30	–	cvelist
Debian CVE	CVE-2025-49656	21 Jul 202509:30	–	debiancve
EUVD	EUVD-2025-22076	3 Oct 202520:07	–	euvd
Github Security Blog	Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server	21 Jul 202512:30	–	github
Japan Vulnerability Notes	JVN#90566559: Apache Jena Fuseki vulnerable to path traversal	30 Jul 202500:00	–	jvn
Japan Vulnerability Notes	Apache Jena Fuseki vulnerable to path traversal	30 Jul 202505:17	–	jvn

Vulners

Node

apache jena-fusekiRange0.2.1-incubating–5.4.0java

OR

apache jena-fusekiMatch0.2.1-incubatingjava

OR

apache jena-fusekiMatch0.2.2java

OR

apache jena-fusekiMatch0.2.3java

OR

apache jena-fusekiMatch0.2.4java

OR

apache jena-fusekiMatch0.2.5java

OR

apache jena-fusekiMatch0.2.6java

OR

apache jena-fusekiMatch0.2.7java

OR

apache jena-fusekiMatch1.0.0java

OR

apache jena-fusekiMatch1.0.1java

OR

apache jena-fusekiMatch1.0.2java

OR

apache jena-fusekiMatch1.1.0java

OR

apache jena-fusekiMatch1.1.1java

OR

apache jena-fusekiMatch2.0.0java

OR

apache jena-fusekiMatch2.3.0java

OR

apache jena-fusekiMatch2.3.1java

OR

apache jena-fusekiMatch2.4.0java

OR

apache jena-fusekiMatch2.4.1java

OR

apache jena-fusekiMatch2.5.0java

OR

apache jena-fusekiMatch2.6.0java

OR

apache jena-fusekiMatch3.10.0java

OR

apache jena-fusekiMatch3.11.0java

OR

apache jena-fusekiMatch3.12.0java

OR

apache jena-fusekiMatch3.13.0java

OR

apache jena-fusekiMatch3.13.1java

OR

apache jena-fusekiMatch3.14.0java

OR

apache jena-fusekiMatch3.15.0java

OR

apache jena-fusekiMatch3.16.0java

OR

apache jena-fusekiMatch3.17.0java

OR

apache jena-fusekiMatch3.4.0java

OR

apache jena-fusekiMatch3.5.0java

OR

apache jena-fusekiMatch3.6.0java

OR

apache jena-fusekiMatch3.7.0java

OR

apache jena-fusekiMatch3.8.0java

OR

apache jena-fusekiMatch3.9.0java

OR

apache jena-fusekiMatch4.0.0java

OR

apache jena-fusekiMatch4.1.0java

OR

apache jena-fusekiMatch4.10.0java

OR

apache jena-fusekiMatch4.2.0java

OR

apache jena-fusekiMatch4.3.0java

OR

apache jena-fusekiMatch4.3.1java

OR

apache jena-fusekiMatch4.3.2java

OR

apache jena-fusekiMatch4.4.0java

OR

apache jena-fusekiMatch4.5.0java

OR

apache jena-fusekiMatch4.6.0java

OR

apache jena-fusekiMatch4.6.1java

OR

apache jena-fusekiMatch4.7.0java

OR

apache jena-fusekiMatch4.8.0java

OR

apache jena-fusekiMatch4.9.0java

OR

apache jena-fusekiMatch5.0.0java

OR

apache jena-fusekiMatch5.0.0-rc1java

OR

apache jena-fusekiMatch5.1.0java

OR

apache jena-fusekiMatch5.2.0java

OR

apache jena-fusekiMatch5.3.0java

Source	Link
lists	www.lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq
openwall	www.openwall.com/lists/oss-security/2025/07/21/1
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-49656
github	www.github.com/apache/jena/commit/35350569b4c1fd432d92e7c92af9597c4400debe
github	www.github.com/apache/jena/commit/03c5265910aa3a27907bf54f6b4aaae3409afa4f
github	www.github.com/apache/jena

03 Jun 2026 08:20Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.17.5

EPSS0.01036

SSVC

apache jena access control vulnerability improper validation file path issue