diff --git a/content/solr/vex/2025-08-04-cve-2025-48924.md b/content/solr/vex/2025-08-04-cve-2025-48924.md new file mode 100644 index 000000000..22cbfd3c5 --- /dev/null +++ b/content/solr/vex/2025-08-04-cve-2025-48924.md @@ -0,0 +1,11 @@ +--- +cve: CVE-2025-48924 +category: + - solr/vex +versions: "9.0.0-9.9.0" +analysis: + state: not_affected + justification: "code_not_reachable" +title: "commons-lang3-.jar" +--- +The vulnerable functionality is only reachable via `commons-configuration2`, which is used in Solr's Hadoop Kerberos support (`solr-hadoop-auth`) to load administrator-provided Hadoop configuration files. As such, the vulnerability is not exploitable in Solr.