CVE-2025-49656

CVE-2025-49656: Apache Jena: Administrative users can create files outside the server directory space via the admin UI

Vendor Apache Software Foundation

Product Apache Jena

Weakness CWE-22 · Path traversal

Published July 21, 2025

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.

Key dates

Disclosure timeline

July 21, 2025 CVE published

November 4, 2025 Record updated