Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions content/solr/vex/2025-08-04-cve-2025-48924.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
cve: CVE-2025-48924
category:
- solr/vex
versions: "9.0.0-9.9.0"
analysis:
state: not_affected
justification: "code_not_reachable"
title: "commons-lang3-<version>.jar"
---
The vulnerable functionality is only reachable via `commons-configuration2`, which is used in Solr's Hadoop Kerberos support (`solr-hadoop-auth`) to load administrator-provided Hadoop configuration files. As such, the vulnerability is not exploitable in Solr.