CVE-2025-48924
Uncontrolled Recursion vulnerability in Apache Commons Lang.
This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.
The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.
Users are recommended to upgrade to version 3.18.0, which fixes the issue.
| Software | From | Fixed in |
|---|---|---|
org.apache.commons / commons-lang3
|
3.0 | 3.18.0 |
|
commons-lang / commons-lang
|
2.0 | 2.6.x |
| apache / commons_lang | 2.0 | 2.6 |
| apache / commons_lang | 3.0 | 3.18.0 |
- http://www.openwall.com/lists/oss-security/2025/07/11/1
- https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53
- https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1
- https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html
- https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html
- https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html
- https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime