Cxf

2 CVEs product

Monthly

CVE-2025-48913 CRITICAL PATCH This Week

If untrusted users are allowed to configure JMS for Apache CXF, they could previously use RMI or LDAP URLs, potentially leading to code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

RCE Apache Cxf Redhat
NVD
CVSS 3.1: 9.8
EPSS: 0.2%
CVE-2025-23184 MEDIUM PATCH This Month

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable and requires no authentication. No vendor patch available.

Apache Denial Of Service Cxf Redhat
NVD
CVSS 3.1: 5.9
EPSS: 0.1%