Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-50151
CVE-2025-50151:
Java vulnerability analysis and mitigation
Overview
A file path validation vulnerability was identified in Apache Jena, tracked as CVE-2025-50151. The vulnerability affects Apache Jena versions up to 5.4.0, where file access paths in configuration files uploaded by users with administrator access are not properly validated. The vulnerability was disclosed on July 21, 2025 (NVD, Miggo).
Technical details
The vulnerability is classified as CWE-20 (Improper Input Validation). It has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and high impacts on confidentiality, integrity, and availability (NVD).
Impact
The vulnerability could potentially allow attackers with administrator access to upload arbitrary configurations, which could lead to unauthorized file access and potential system compromise due to the lack of proper path validation (Miggo).
Mitigation and workarounds
Users are strongly recommended to upgrade to Apache Jena version 5.5.0, which addresses this vulnerability by removing the ability to upload arbitrary configurations (NVD).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management