Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Published

2025-07-11T15:15:24.347

Last Modified

2025-11-04T22:16:17.823

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-674

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	commons_lang	< 2.6	Yes
Application	apache	commons_lang	< 3.18.0	Yes

References

https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1 Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/07/11/1 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/08/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/08/msg00026.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/09/msg00032.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/09/msg00036.html (af854a3a-2127-422b-91ae-364da2661108)