Sensitive Information Exposure Vulnerability in Apache Commons VFS
CVE-2025-30474

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Commons Vfs
Vendor: CVE Published:; 23 March 2025

Summary

A vulnerability in Apache Commons VFS allows the FtpFileObject class to expose sensitive information, including potential passwords, through exception messages when a file is not found. This issue affects versions prior to 2.10.0 and can lead to unauthorized access. Users are urged to upgrade to version 2.10.0 to secure their systems by masking sensitive data in exception messages.

Affected Version(s)

Apache Commons VFS 0 < 2.10.0

References

https://issues.apache.org/jira/browse/VFS-169

https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xw...

vendor-advisory

Timeline

Vulnerability published
Mar 23, 2025
Vulnerability Reserved
Mar 22, 2025

Credit

Marek Šunda