=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN886
_____________________________________________________________________

DATE                : 19/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Claris FileMaker Server versions
                     prior to 22.0.4.

=====================================================================
https://support.claris.com/s/answerview?anum=000049059&language=en_US
_____________________________________________________________________

Remote code execution vulnerability discovered in Apache Commons Text
(CVE-2025-46295)

Apache Commons Text versions prior to 1.10.0 included interpolation
features that could be abused when applications passed untrusted input
into the text-substitution API. Because some interpolators could
trigger actions like executing commands or accessing external
resources, an attacker could potentially achieve remote code
execution.

We are pleased to confirm that this vulnerability has been fully
addressed in FileMaker Server 22.0.4. Apache Commons Text has been
upgraded to version 1.14.0.

We strongly recommend updating to ensure the security of your
FileMaker Server deployments.

This issue was assigned to CVE-2025-46295.  We would like to
thank an anonymous researcher for reporting it to us.
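
To confirm after updating that no Apache Commons Text copy prior to 1.10.0 remains on a host, the following inventory check can be run against an installation directory. It is an added example, not code from Claris or CERT-Renater. It assumes copies are identifiable by the standard Maven metadata entry inside the jar or by a commons-text-<version>.jar file name, and it does not look inside jars nested in other archives.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 10, 0)  # advisory: Commons Text versions prior to 1.10.0 are affected
# Assumption: copies are identified by their Maven metadata or by the file name.
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
JAR_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)[^/]*\.jar$")


def parse_version(text):
    """Turn '1.9' or '1.10.0' into a comparable 3-tuple; None if no digits."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts))) if parts else None


def jar_version(path):
    """Prefer the Maven metadata inside the jar, fall back to the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            if POM_PROPS in jar.namelist():
                props = jar.read(POM_PROPS).decode("utf-8", "replace")
                found = re.search(r"^version=(.+)$", props, re.M)
                if found:
                    return parse_version(found.group(1))
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: the file name is all we have
    found = JAR_RE.search(path.name)
    return parse_version(found.group(1)) if found else None


def scan(root):
    """Return (path, version, needs_update) for each Commons Text copy found."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        version = jar_version(path)
        if version is not None:
            findings.append((str(path), version, version < FIXED))
    return findings


if __name__ == "__main__":
    for path, version, needs_update in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "UPDATE (< 1.10.0)" if needs_update else "ok"
        print(f"{'.'.join(map(str, version))}\t{status}\t{path}")
```

Pass the directory to scan as the first argument; renamed or bundled jars are still reported when they carry the Commons Text Maven metadata.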

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




