CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default
Published May 28, 2025
Improper Access Control vulnerability in Apache Commons.
Affected Software
8 affected components · Fixes available
Apache Commons Beanutils <1.11.0
Apache Commons Beanutils <2.0.0-M2
maven/org.apache.commons:commons-beanutils2 >=2.0.0-M1 <2.0.0-M2 (fix: 2.0.0-M2)
maven/commons-beanutils:commons-beanutils >=1.0 <=1.10.1 (fix: 1.11.0)
Apache Commons Beanutils >=1.0 <1.11.0
Apache Commons Beanutils =2.0.0-milestone1
IBM InfoSphere Data Architect <=9.2.1
debian/commons-beanutils <=1.9.4-1 (fix: 1.9.4-1+deb11u1, 1.9.4-1+deb12u1, 1.10.1-1.1)
Event History
May 28, 2025
CVE Published
via MITRE·01:32 PM
Data Sourced
via MITRE·01:32 PM
Description, Weakness
Data Sourced
via Red Hat·02:01 PM
Description, Severity, Affected Software
Data Sourced
via NVD·02:15 PM
Description, Severity, Weakness, Affected Software
Advisory Published
via GitHub·03:34 PM
Mar 4, 2026
Data Sourced
via IBM·12:00 AM
Description, Affected Software
May 27, 2026
Data Sourced
via Launchpad·05:13 PM
Description
Data Sourced
via Debian·05:14 PM
Description, Affected Software
May 28, 2026
Data Sourced
via Ubuntu·05:14 PM
Remedy, Description, Severity, Affected Software
Jun 24, 57411
Event
via FIRST·12:01 PM
Frequently Asked Questions
1. What is the severity of CVE-2025-48734?
CVE-2025-48734 has a medium severity rating due to improper access control vulnerabilities in Apache Commons.
2. How do I fix CVE-2025-48734?
To fix CVE-2025-48734, upgrade to Apache Commons BeanUtils version 1.11.0 or later.
3. Which versions of Apache Commons BeanUtils are affected by CVE-2025-48734?
CVE-2025-48734 affects Apache Commons BeanUtils 1.x versions prior to 1.11.0 and 2.x versions prior to 2.0.0-M2.
4. What type of vulnerability is CVE-2025-48734?
CVE-2025-48734 is classified as an improper access control vulnerability.
5. Is there a workaround for CVE-2025-48734?
There is no official workaround for CVE-2025-48734; upgrading to a patched version is recommended.