Remote Code Execution Vulnerability in Apache Commons Text Affects Claris FileMaker Server
CVE-2025-46295

9.8CRITICAL

Key Information:

Vendor

Claris

Status
Filemaker Server
Vendor
CVE Published:
16 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2025-46295?

The vulnerability arises from the improper handling of untrusted input in the text-substitution API of Apache Commons Text, utilized by Claris FileMaker Server. Applications leveraging this library prior to version 1.10.0 could be compromised, allowing attackers to manipulate interpolators to execute unauthorized commands or access sensitive external resources. This risk underlines the importance of upgrading to version 22.0.4 or later of FileMaker Server, where the issue has been fully rectified.

Affected Version(s)

FileMaker Server < 22.0.4

News Articles

favicon imageCyber Press

Critical Apache Commons Text Vulnerability Enables Remote Code Execution

The flaw, tracked as CVE-2025-46295, affects all versions before 1.10.0 of this widely used Java library for text manipulation and processing.

References

https://support.claris.com/s/answerview?anum=000049059&la...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability Reserved

.