Improper Neutralization of Expression/Command Delimiters in Apache Commons OGNL
CVE-2025-53192
What is CVE-2025-53192?
Apache Commons OGNL improperly neutralizes expression/command delimiters, which can lead to arbitrary code execution. The issue arises when the Ognl.getValue API evaluates user-provided expressions: the OGNL engine parses and executes whatever expression it is handed. OgnlRuntime attempts to restrict access to dangerous classes and methods with a blocklist, but that blocklist is not exhaustive, and an attacker can reach the same capabilities through class objects that are not on it. Because the Apache Commons OGNL project is retired, no fix will be released; users should migrate to an alternative library or ensure that only trusted users can supply expressions.
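The pattern described above, as an added example that is not code from the Apache Commons OGNL project: vulnerableLookup passes a request-controlled string straight to Ognl.getValue and relies on OgnlRuntime's blocklist, while hardenedLookup never evaluates untrusted text as an expression (it accepts only a fixed set of property names) and, as defence in depth, installs a ClassResolver that refuses every class lookup. The Order class, the allowlist and the rejected sample input are constructed for the demo; the org.apache.commons.ognl package name and the Ognl.createDefaultContext / ClassResolver signatures follow the OGNL API as I know it but are assumptions here, not verified against a specific release.

```java
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.ognl.ClassResolver;
import org.apache.commons.ognl.Ognl;
import org.apache.commons.ognl.OgnlException;

/**
 * Added example, not code from the Apache Commons OGNL project.
 * Assumption: Ognl.getValue(String, Map, Object), Ognl.createDefaultContext(Object[, ClassResolver])
 * and ClassResolver.classForName(String, Map) exist with these shapes in commons-ognl.
 */
public final class OgnlExposure {

    // Root object the expressions are evaluated against (constructed for the demo).
    public static final class Order {
        private final String id;
        private final int quantity;
        public Order(String id, int quantity) { this.id = id; this.quantity = quantity; }
        public String getId() { return id; }
        public int getQuantity() { return quantity; }
    }

    // VULNERABLE: the untrusted string is handed to the OGNL engine as an expression.
    // OgnlRuntime's blocklist only names classes it knows about; an expression that
    // reaches a class outside the list can still invoke arbitrary code.
    public static Object vulnerableLookup(String untrustedExpression, Order root) throws OgnlException {
        Map<String, Object> ctx = Ognl.createDefaultContext(root);
        return Ognl.getValue(untrustedExpression, ctx, root);
    }

    // HARDENED:
    // 1. Only names from an application-owned allowlist are evaluated, and they must
    //    be plain property names (no '@', '(', '#', '.' or other OGNL syntax).
    // 2. The ClassResolver throws for every class name, so @class@method static calls
    //    and constructor expressions cannot resolve a class even if the allowlist were
    //    later loosened. Both the allowlist and the regex are assumptions for this demo.
    private static final Set<String> ALLOWED = Set.of("id", "quantity");
    private static final Pattern SIMPLE_PROPERTY = Pattern.compile("[a-z][A-Za-z0-9]*");

    private static final ClassResolver DENY_ALL = new ClassResolver() {
        @Override
        public Class<?> classForName(String className, Map<String, Object> context)
                throws ClassNotFoundException {
            throw new ClassNotFoundException("class access disabled: " + className);
        }
    };

    public static Object hardenedLookup(String field, Order root) throws OgnlException {
        if (!SIMPLE_PROPERTY.matcher(field).matches() || !ALLOWED.contains(field)) {
            throw new IllegalArgumentException("field not permitted: " + field);
        }
        Map<String, Object> ctx = Ognl.createDefaultContext(root, DENY_ALL);
        return Ognl.getValue(field, ctx, root);
    }

    public static void main(String[] args) throws OgnlException {
        Order order = new Order("A-1001", 3);
        System.out.println("quantity = " + hardenedLookup("quantity", order));
        try {
            // Constructed sample of attacker-shaped input: rejected by the allowlist
            // before OGNL ever parses it.
            hardenedLookup("@java.lang.Runtime@getRuntime()", order);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The allowlist check is the actual control: a field name that matches `[a-z][A-Za-z0-9]*` and is in the set cannot contain the `@`, `(` or `#` tokens OGNL needs for static calls, method invocation or context variables. The deny-all ClassResolver is there so that a future expression loosening does not silently reopen class access; it is not a substitute for refusing untrusted expressions, and neither measure changes the fact that the library itself will not receive a fix.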

Affected Version(s)
Apache Commons OGNL 0