CVE-2024-25710 HIGH

CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

Vendor Apache Software Foundation

Product Apache Commons Compress

Weakness CWE-835

Published February 19, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Key dates

Disclosure timeline

February 19, 2024 CVE published

November 4, 2025 Record updated

Identifiers

CVE CVE-2024-25710

CWE CWE-835

CVSS 8.1 / HIGH

Affected versions

Vendor Apache Software Foundation

Product Apache Commons Compress

Affected ≥ 1.3 and ≤ 1.25.0