CVE-2025-53689

Published: Jul 14, 2025

Modified: Nov 4, 2025

PUBLISHED

Description

Blind XXE vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2, caused by the use of an unsecured document builder to load privileges. Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are no longer supported, so users should update to the respective supported version.

Vendor: Apache Software Foundation

Product: Apache Jackrabbit

Versions:

affected: 2.20.0 - < 2.20.17
affected: 2.22.0 - < 2.22.1
affected: 2.23.0-beta - < 2.23.2-beta

Weaknesses (CWE)
