Uncontrolled Resource Consumption Vulnerability in Apache Commons Configuration by Apache
CVE-2025-46392
What is CVE-2025-46392?
Apache Commons Configuration 1.x contains a vulnerability that can lead to uncontrolled resource consumption under certain conditions. The issue arises when untrusted configurations are loaded or when the library is used in unexpected ways. No fix has been issued for the 1.x line; users should not load configurations from untrusted sources and should load only trusted configurations. Users are strongly advised to upgrade to Apache Commons Configuration 2.x, which addresses these vulnerabilities. Note that 2.x is not a drop-in replacement and requires careful migration: it uses a different Maven groupId and Java package namespace, which also allows it to be installed side by side with 1.x.
Affected Version(s)
Apache Commons Configuration 1 < 2.0.0
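As an added example (not part of this advisory or of the Apache project), the following Python check scans `mvn dependency:tree` output for the affected 1.x line described above and reports any coordinate in the 1 < 2.0.0 range. It assumes the 1.x Maven coordinates `commons-configuration:commons-configuration` and the 2.x coordinates `org.apache.commons:commons-configuration2`; the sample tree is constructed.

```python
import re
from typing import List, Optional, Tuple

# Assumed Maven coordinates of the affected 1.x line (CVE-2025-46392). The 2.x
# line ships under a different groupId and artifactId, so it never matches.
AFFECTED_GROUP = "commons-configuration"
AFFECTED_ARTIFACT = "commons-configuration"
FIXED_MAJOR = 2  # affected range from the advisory: 1.x < 2.0.0

# Constructed sample of `mvn dependency:tree` output for a project that still
# pulls in 1.x alongside 2.x (side-by-side installation is possible).
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0-SNAPSHOT
[INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
[INFO] |  \\- commons-lang:commons-lang:jar:2.6:compile
[INFO] \\- org.apache.commons:commons-configuration2:jar:2.10.1:compile
"""

Coord = Tuple[str, str, str]


def parse_dependency_line(line: str) -> Optional[Coord]:
    """Return (groupId, artifactId, version) for a dependency line, else None.

    Dependency lines end in group:artifact:type[:classifier]:version:scope;
    the project's own root line has no scope and is skipped.
    """
    m = re.search(r"([A-Za-z0-9_.\-]+:[^\s]+)\s*$", line)
    if not m:
        return None
    parts = m.group(1).split(":")
    if len(parts) < 5:
        return None
    return parts[0], parts[1], parts[-2]


def is_affected(group: str, artifact: str, version: str) -> bool:
    """True when the coordinate is the 1.x artifact with major version < 2."""
    if (group, artifact) != (AFFECTED_GROUP, AFFECTED_ARTIFACT):
        return False
    m = re.match(r"(\d+)", version)
    return m is not None and int(m.group(1)) < FIXED_MAJOR


def scan_dependency_tree(text: str) -> List[Coord]:
    """Return every affected coordinate found in dependency:tree output."""
    hits = []
    for line in text.splitlines():
        coords = parse_dependency_line(line)
        if coords and is_affected(*coords):
            hits.append(coords)
    return hits


if __name__ == "__main__":
    for group, artifact, version in scan_dependency_tree(SAMPLE_TREE):
        print(f"AFFECTED: {group}:{artifact}:{version} (CVE-2025-46392)")
```

Run it against the real tree with `mvn dependency:tree | python3 check.py` after replacing SAMPLE_TREE with `sys.stdin.read()`.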