CVE-2025-46295

Critical CVSS: 9.8

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

Vendor

Claris

Product

Filemaker Server

CWE

CWE-94

Yayın Tarihi

2025-12-16 18:16:12

Güncelleme

2025-12-23 14:50:09

Source Identifier

product-security@apple.com

KEV Date Added

Kategoriler

CWE-94 Filemaker Server CRITICAL Claris 2025

Referanslar

https://support.claris.com/s/answerview?anum=000049059&language=en_US

Benzer Kayıtlar

Medium

CVE-2025-46320

A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access an…

Medium

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumerat…

Medium

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privile…