CVE-2025-48924

CVE-2025-48924: Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

Vendor: Apache Software Foundation
Product: Apache Commons Lang
Weakness: CWE-674
Published: July 11, 2025
Last update: November 4, 2025

What the vulnerability does

Description

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects commons-lang:commons-lang versions 2.0 to 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0. The ClassUtils.getClass(...) methods can throw a StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
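To check a build against the affected ranges above, the following added example (not part of the CVE record or of Apache's code) scans `mvn dependency:list` style output for affected coordinates. The sample listing is constructed, the helper names are hypothetical, and the 2.6 upper bound is assumed to be inclusive.

```python
import re

# Affected ranges from the description above. Bounds are padded to three
# components; the flag says whether the upper bound is inclusive.
# Assumption: "2.0 to 2.6" is read as including 2.6.
AFFECTED = {
    ("commons-lang", "commons-lang"): ((2, 0, 0), (2, 6, 0), True),
    ("org.apache.commons", "commons-lang3"): ((3, 0, 0), (3, 18, 0), False),
}

# Constructed sample in the groupId:artifactId:type[:classifier]:version:scope form.
SAMPLE = """\
[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO]    commons-lang:commons-lang:jar:2.6:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.18.0:compile
[INFO]    org.apache.commons:commons-text:jar:1.10.0:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.9:test
"""

COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+:(?:[\w\-]+:)?([\w.\-]+):\w+")

def parse_version(text):
    """Return the leading numeric part as a 3+ component tuple; qualifiers are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))   # 3.9 -> (3, 9, 0)

def is_affected(group, artifact, version):
    rng = AFFECTED.get((group, artifact))
    v = parse_version(version)
    if rng is None or v is None:
        return False
    low, high, inclusive = rng
    return low <= v and (v <= high if inclusive else v < high)

def scan(listing):
    """Return group:artifact:version for every affected dependency line."""
    hits = []
    for line in listing.splitlines():
        m = COORD.search(line)
        if m and is_affected(m.group(1), m.group(2), m.group(3)):
            hits.append(":".join(m.group(1, 2, 3)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("affected:", hit)
```

Transitive dependencies are the usual place an old commons-lang copy hides, so run it over the full resolved dependency list rather than the declared dependencies only.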

Key dates

Disclosure timeline

July 11, 2025: CVE published
November 4, 2025: Record updated