Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN499
_____________________________________________________________________

DATE                : 11/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache CXF versions prior to
                               4.1.3, 4.0.9, 3.6.8, 3.5.11.

=====================================================================
https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83
https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn
_____________________________________________________________________

CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to
RCE

Severity: moderate

Affected versions:

- Apache CXF 4.1.0 before 4.1.3
- Apache CXF 4.0.0 before 4.0.9
- Apache CXF before 3.6.8

Description:

If untrusted users are allowed to configure JMS for Apache CXF,
previously they could use RMI or LDAP URLs, potentially leading to
code execution capabilities.  This interface is now restricted to
reject those protocols, removing this possibility.

Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3,
which fix this issue.

Credit:

M Bhatt (r34p3r) OWASP GenAI Security Project & Blake Gatto (b1oo)
Shrewd Research (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48913

_____________________________________________________________________

CVE-2025-48795: Apache CXF: Denial of Service and sensitive data
exposure in logs

Severity: moderate

Affected versions:

- Apache CXF 3.5.10 before 3.5.11
- Apache CXF 3.6.5 before 3.6.6
- Apache CXF 4.0.6 before 4.0.7
- Apache CXF 4.1.0 before 4.1.1

Description:

Apache CXF stores large stream based messages as temporary files on
the local filesystem. A bug was introduced which means that the entire
temporary file is read into memory and then logged. An attacker might
be able to exploit this to cause a denial of service attack by causing
an out of memory exception. In addition, it is possible to configure
CXF to encrypt temporary files to prevent sensitive credentials from
being cached unencrypted on the local filesystem, however this bug
means that the cached files are written out to logs unencrypted.

Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or
4.1.1, which fixes this issue.

Credit:

MAUGIN Thomas https://github.com/Thom-x, Qlik (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48795


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================