CVE-2025-30474

CVSSv4: NA | CVSSv3: NA | CVSSv2: NA | VMScore: NA | EPSS: 0.00056 | KEV: Not Included
Published: 23/03/2025 Updated: 23/03/2025

Vulnerability Summary

Information Disclosure Vulnerability in Apache Commons VFS FtpFileObject Before 2.10.0

A sensitive information disclosure vulnerability exists in Apache Commons VFS within the FtpFileObject class. When a file is not found, the exception message can accidentally reveal the original URI, potentially exposing passwords. This vulnerability affects Apache Commons VFS versions prior to 2.10.0. Users are advised to upgrade to version 2.10.0 to resolve the security issue and prevent unauthorized actors from accessing sensitive information through exception error messages.

Vulnerable Product

apache software foundation apache commons vfs

Vendor Advisories

Debian Bug report logs - #1101204 commons-vfs: CVE-2025-27553 CVE-2025-30474. Package: src:commons-vfs; Maintainer for src:commons-vfs is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Mar 2025 21:15:01 UTC; Severity: important ...
Debian Bug report logs - #1101946 commons-vfs: CVE-2025-30474. Package: src:commons-vfs; Maintainer for src:commons-vfs is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 24 Mar 2025 21:15:01 UTC; Severity: important; Tags: security ...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message. This issue affects Apache Commons VFS: before 2.10.0 ...

Mailing Lists

Severity: moderate. Affected versions: Apache Commons VFS before 2.10.0. Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to ma ...