Vulnerability Database
296,760
Total vulnerabilities in the database
CVE-2025-53689
Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit < 2.23.2 due to usage of an unsecured document build to load privileges.
Users are recommended to upgrade to versions 2.20.17 (Java 8), 2.22.1 (Java 11) or 2.23.2 (Java 11, beta versions), which fix this issue. Earlier versions (up to 2.20.16) are not supported anymore, thus users should update to the respective supported version.
| Software | From | Fixed in |
|---|---|---|
org.apache.jackrabbit / jackrabbit-spi-commons
|
2.20.0 | 2.20.17 |
|
org.apache.jackrabbit / jackrabbit-spi-commons
|
2.22.0 | 2.22.1 |
|
org.apache.jackrabbit / jackrabbit-spi-commons
|
2.23.0-beta | 2.23.2-beta |
|
org.apache.jackrabbit / jackrabbit-core
|
2.23.0-beta | 2.23.2-beta |
|
org.apache.jackrabbit / jackrabbit-core
|
2.20.0 | 2.20.17 |
|
org.apache.jackrabbit / jackrabbit-core
|
2.22.0 | 2.22.1 |
| apache / jackrabbit | 2.20.0 | 2.20.17 |
| apache / jackrabbit | 2.22.0 | 2.22.0.x |
| apache / jackrabbit | 2.23.0-beta | 2.23.0-beta.x |
| apache / jackrabbit | 2.23.1-beta | 2.23.1-beta.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime