
Apache Jena Vulnerability Allows Arbitrary File Access


Critical security vulnerabilities in Apache Jena have been disclosed that enable administrators to access and create files outside designated server directories, potentially compromising system security.

Two distinct CVEs were published on July 21, 2025, affecting all versions of Apache Jena through 5.4.0, with administrators urged to upgrade to version 5.5.0 immediately to mitigate these risks.

Critical Security Flaws Identified

Apache Jena, the popular open-source semantic web framework, has been found vulnerable to two significant security flaws that could allow malicious administrative users to bypass directory restrictions.

| CVE ID | Severity | Description | Affected Versions | Fixed Version |
|---|---|---|---|---|
| CVE-2025-49656 | Important | Administrative users can create files outside server directory via admin UI | Through 5.4.0 | 5.5.0 |
| CVE-2025-50151 | Important | Configuration file paths uploaded by admins not properly validated | Through 5.4.0 | 5.5.0 |

Both vulnerabilities exploit weaknesses in the Fuseki server’s file handling mechanisms, enabling unauthorized ...


Copyright of this story solely belongs to gbhackers.