Apache Tomcat Vulnerability CVE-2025-48913 in Aria Operations
search cancel

Apache Tomcat Vulnerability CVE-2025-48913 in Aria Operations

book

Article ID: 408355

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.

Environment

VCF Operations 9.0

Aria Operations 8.18

Resolution

This vulnerability is addressed in VCF Operations 9.0.1 and 8.18.5

Additional Information

Powered by Wolken Software