CVE-2025-50151 — Apache Jena doesn't validate file access paths in configuration files uploaded b

Description

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload.

How to fix CVE-2025-50151

To remediate CVE-2025-50151, upgrade the affected package to a fixed version below.

—no fix listed
—upgrade to 5.5.0 or later

Is CVE-2025-50151 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0
from 0, < 5.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-50151
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-50151
PATCHgithub.com/apache/jena
WEBlists.apache.org/thread/12gks5z40gh9bszn1xk8mz34gz586xss
WEB