Uncontrolled Recursion in Apache Commons Lang - CVE-2025-48924

Published: August 4, 2025 / Updated: April 22, 2026


Vulnerability identifier: #VU113607
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-48924
CWE-ID: CWE-674
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Software Foundation
Affected software:
Apache Commons Lang 2.0 through 3.17.0

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the ClassUtils.getClass(...) methods can throw a StackOverflowError on very long inputs. In the affected versions, when a class name cannot be resolved the method retries with the last "." replaced by "$" (the inner-class separator) by calling itself, so every dot in an attacker-supplied name adds one level of recursion and a name with enough dot-separated segments exhausts the thread's stack. Because an Error is usually not handled by applications and libraries, a StackOverflowError can cause the application to stop. A remote attacker who controls a class name passed to these methods can trigger the uncontrolled recursion and perform a denial of service (DoS) attack.
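
As an added example (not code from the advisory or from Apache Commons), the following Java class shows the input shape that drives the recursion and a pre-upgrade guard that refuses such names before they reach the library. It assumes commons-lang3 is on the classpath; the class name SafeClassLookup and the limits MAX_NAME_LENGTH and MAX_SEGMENTS are illustrative choices, not values from the advisory.

```java
import org.apache.commons.lang3.ClassUtils;

/**
 * Added example (not Apache code): bound attacker-controlled class names
 * before handing them to ClassUtils.getClass on a pre-3.18.0 commons-lang3.
 * Assumes commons-lang3 is on the classpath; MAX_NAME_LENGTH and
 * MAX_SEGMENTS are illustrative limits, not values from the advisory.
 */
public final class SafeClassLookup {

    // Real class names are short; anything near these limits is not a name
    // we want to hand to a resolver that recurses once per dot.
    static final int MAX_NAME_LENGTH = 1024;
    static final int MAX_SEGMENTS = 64;

    private SafeClassLookup() {}

    /** Returns true if the name is within the bounds we accept. */
    static boolean isAcceptableName(String className) {
        if (className == null || className.isEmpty() || className.length() > MAX_NAME_LENGTH) {
            return false;
        }
        // In the affected versions each '.' in an unresolvable name costs one
        // recursive retry (last '.' -> '$'), so cap the segment count as well.
        int segments = 1;
        for (int i = 0; i < className.length(); i++) {
            char c = className.charAt(i);
            if (c == '.') {
                segments++;
            } else if (!Character.isJavaIdentifierPart(c) && c != '[' && c != ']') {
                return false; // not a character that can appear in a Java class name
            }
        }
        return segments <= MAX_SEGMENTS;
    }

    /** Validates first, then delegates to the library. */
    static Class<?> load(ClassLoader loader, String className) throws ClassNotFoundException {
        if (!isAcceptableName(className)) {
            throw new ClassNotFoundException("rejected class name of length "
                    + (className == null ? 0 : className.length()));
        }
        return ClassUtils.getClass(loader, className, false);
    }

    /** Builds the input shape the advisory describes: many dot-separated segments. */
    static String deeplyDottedName(int segments) {
        StringBuilder sb = new StringBuilder(segments * 2);
        for (int i = 0; i < segments; i++) {
            if (i > 0) {
                sb.append('.');
            }
            sb.append('a');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader loader = SafeClassLookup.class.getClassLoader();
        // Ordinary names still resolve, including the inner-class fallback
        // (java.util.Map.Entry is retried as java.util.Map$Entry).
        System.out.println(load(loader, "java.lang.String"));
        System.out.println(load(loader, "java.util.Map.Entry"));
        // Hostile input is refused up front instead of reaching the recursion.
        String hostile = deeplyDottedName(100_000);
        try {
            load(loader, hostile);
        } catch (ClassNotFoundException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The guard rejects on total length and on the number of dot-separated segments, since in the affected versions each dot of an unresolvable name costs one recursive retry. Catching StackOverflowError around the call is not a substitute: by the time it is thrown the thread's stack is already exhausted and whatever else was on that stack is left in an undefined state. Rejecting the input before the call is the only reliable workaround short of upgrading.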


How to mitigate CVE-2025-48924

Upgrade Apache Commons Lang to version 3.18.0 or later, which fixes the issue. Until the upgrade is deployed, do not pass untrusted, unbounded strings to ClassUtils.getClass(...); bound the length of any class name taken from remote input before it reaches the library.

Sources