=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN458
_____________________________________________________________________

DATE                 : 21/07/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache Jena versions prior to 5.5.0.

=====================================================================
https://lists.apache.org/thread/sj08hwxtjw1xvbhh8m5mngg0noy9tgdw
https://lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq
_____________________________________________________________________

CVE-2025-50151: Apache Jena: Configuration files uploaded by
administrative users are not checked properly

Severity: important

Affected versions:

- Apache Jena through <= 5.4.0

Description:

File access paths in configuration files uploaded by users with
administrator access are not validated.

This issue affects Apache Jena versions up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which does not allow
arbitrary configuration upload.

References:

https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-50151

_____________________________________________________________________

CVE-2025-49656: Apache Jena: Administrative users can create files
outside the server directory space via the admin UI

Severity: important

Affected versions:

- Apache Jena through 5.4.0

Description:

Users with administrator access can create database files outside the
files area of the Fuseki server.

This issue affects Apache Jena versions up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which fixes the issue.

Credit:

Noriaki Iwasaki; Cyber Defense Institute, Inc (reporter)

References:

https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-49656

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
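
Both issues above come down to dataset paths that end up outside the Fuseki server's files area, so after upgrading it is worth auditing the configuration files already on disk. The script below is an added example, not code from this advisory or from the Apache Jena project: it flags dataset locations that resolve outside the server's databases directory. Assumptions: locations are written as quoted literals on `tdb2:location` / `tdb:location` with those prefix names, configuration files sit in `configuration/` and databases in `databases/` under the server base, and a regular expression stands in for a full Turtle parser.

```python
import re
from pathlib import Path

# Assumption: dataset locations appear as quoted literals on the Jena assembler
# properties tdb2:location / tdb:location, written with those prefix names.
LOCATION_RE = re.compile(r'\b(tdb2?:location)\s+"([^"]+)"')

def out_of_area_locations(config_text, server_base, allowed_subdir="databases"):
    """Return (property, raw_value, resolved_path) for every location that
    resolves outside <server_base>/<allowed_subdir>."""
    base = Path(server_base).resolve()
    allowed = (base / allowed_subdir).resolve()
    findings = []
    for prop, raw in LOCATION_RE.findall(config_text):
        # Assumption: relative locations are resolved against the server base.
        # resolve() collapses ".." and follows symlinks that already exist.
        resolved = (base / raw).resolve()
        try:
            resolved.relative_to(allowed)
        except ValueError:
            findings.append((prop, raw, str(resolved)))
    return findings

def audit_config_dir(server_base, config_subdir="configuration"):
    """Scan every *.ttl under <server_base>/<config_subdir>; map file -> findings."""
    report = {}
    for ttl in sorted(Path(server_base, config_subdir).glob("*.ttl")):
        hits = out_of_area_locations(ttl.read_text(encoding="utf-8"), server_base)
        if hits:
            report[ttl.name] = hits
    return report

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONFIG = '''
@prefix tdb2: <http://jena.apache.org/2016/tdb#> .
<#ds_ok>  a tdb2:DatasetTDB2 ; tdb2:location "databases/inventory" .
<#ds_up>  a tdb2:DatasetTDB2 ; tdb2:location "databases/../../shared/inventory" .
<#ds_abs> a tdb2:DatasetTDB2 ; tdb2:location "/var/tmp/inventory" .
'''

if __name__ == "__main__":
    # "/srv/fuseki/run" is a placeholder server base for the demonstration.
    for prop, raw, resolved in out_of_area_locations(SAMPLE_CONFIG, "/srv/fuseki/run"):
        print(f"{prop} {raw!r} resolves outside the databases area: {resolved}")
```

A finding is a prompt to review who created that dataset and when; it does not replace the upgrade to 5.5.0.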