CVE-2025-48924
Published: Jul 11, 2025
Modified: Nov 4, 2025
Description
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Commons Lang | affected 2.0 - <= 2.6 |
Apache Software Foundation | Apache Commons Lang | affected 3.0 - < 3.18.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now