Is Identity Manager vulnerable to CVE-2025-48924

Article ID: 407875

Products

CA Identity Manager

Issue/Introduction

Uncontrolled recursion vulnerability in Apache Commons Lang. This issue affects commons-lang:commons-lang 2.0 to 2.6, and org.apache.commons:commons-lang3 from 3.0 before 3.18.0.

CVE-2025-48924

Environment

Identity Manager 14.5

Resolution

14.5 is not vulnerable, as IGA uses commons-lang3 for AMQ clients. It is used internally for message communication between clusters, and there is no human intervention involved.

14.5 versions of commons-lang:

\modules\system\layers\base\org\apache\commons\lang\main\commons-lang-2.6.jar
\modules\system\layers\base\org\apache\commons\lang3\main\commons-lang3-3.11.jar
\standalone\deployments\iam_im.ear\library\commons-lang-2.1.jar
\standalone\deployments\iam_im.ear\library\commons-lang3-3.9.jar

IGA V15 uses version 3.14 of commons-lang.
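To confirm which commons-lang jars an installation actually carries, the following added example (not Broadcom's or Apache's code) inventories jar file names under an install root and marks each version against the affected ranges quoted above. A range match is only a version inventory result; the not-vulnerable conclusion in the Resolution rests on how the library is used. The function names and the install-root argument are assumptions of this example.

```python
import re
import sys
from pathlib import Path, PureWindowsPath

# Affected ranges as quoted in this article: (low, high, high_is_inclusive)
AFFECTED = {
    "commons-lang": ((2, 0), (2, 6), True),        # 2.0 to 2.6
    "commons-lang3": ((3, 0), (3, 18, 0), False),  # 3.0 before 3.18.0
}
JAR_RE = re.compile(r"^(commons-lang3?)-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)

# The four jar paths listed in this article, relative to the install root.
ARTICLE_PATHS = [
    r"\modules\system\layers\base\org\apache\commons\lang\main\commons-lang-2.6.jar",
    r"\modules\system\layers\base\org\apache\commons\lang3\main\commons-lang3-3.11.jar",
    r"\standalone\deployments\iam_im.ear\library\commons-lang-2.1.jar",
    r"\standalone\deployments\iam_im.ear\library\commons-lang3-3.9.jar",
]

def parse_jar(name):
    """Return (artifact, version tuple) for a commons-lang jar name, else None."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def _pad(version, width=3):
    # Pad so that 3.18 and 3.18.0 compare as equal.
    return tuple(version) + (0,) * (width - len(version))

def in_affected_range(artifact, version):
    low, high, inclusive = AFFECTED[artifact]
    v, low, high = _pad(version), _pad(low), _pad(high)
    return low <= v <= high if inclusive else low <= v < high

def classify_paths(paths):
    """Map jar file name -> True if its version is inside the affected range."""
    result = {}
    for p in paths:
        name = PureWindowsPath(p).name
        parsed = parse_jar(name)
        if parsed:
            result[name] = in_affected_range(*parsed)
    return result

def scan(root):
    """Walk an install directory and classify every commons-lang jar found."""
    return classify_paths(str(j) for j in sorted(Path(root).rglob("*.jar")))

if __name__ == "__main__":
    found = scan(sys.argv[1]) if len(sys.argv) > 1 else classify_paths(ARTICLE_PATHS)
    for name, hit in found.items():
        print(f"{name}: {'in affected range' if hit else 'outside affected range'}")
```

Run it with the install root as the only argument; with no argument it classifies the four paths listed above.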