#VU113607 Uncontrolled Recursion in Apache Commons Lang - CVE-2025-48924


Published: August 4, 2025


Vulnerability identifier: #VU113607
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-48924
CWE-ID: CWE-674
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Apache Commons Lang
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the ClassUtils.getClass(...) methods can throw a StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError can cause the application to stop. A remote attacker can trigger uncontrolled recursion and perform a denial of service (DoS) attack.
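A defensive wrapper for applications that must pass untrusted class names to ClassUtils.getClass(...) until the fixed release is deployed, added here as an example and not taken from Apache Commons Lang; the class name GuardedClassLookup and the 512-character cap are assumptions, and the check is only a length bound because that is the trigger the advisory describes.

```java
import org.apache.commons.lang3.ClassUtils;

/**
 * Example guard (not part of Commons Lang) for class names that come from
 * untrusted input. The advisory states that very long inputs can exhaust the
 * stack, so over-long names are rejected before they reach the library.
 */
public final class GuardedClassLookup {

    // Assumed upper bound; set it to the longest legitimate name your application uses.
    private static final int MAX_CLASS_NAME_LENGTH = 512;

    private GuardedClassLookup() {}

    /** Returns true when the name is non-null and within the accepted length. */
    public static boolean isAcceptableLength(String className) {
        return className != null && className.length() <= MAX_CLASS_NAME_LENGTH;
    }

    /**
     * Resolves a class name, rejecting over-long names up front. StackOverflowError
     * is additionally caught as defence in depth so that one bad request cannot
     * take down the worker thread; it is re-raised as the checked exception the
     * caller already handles for ClassUtils.getClass(...).
     */
    public static Class<?> getClass(String className) throws ClassNotFoundException {
        if (!isAcceptableLength(className)) {
            throw new IllegalArgumentException(
                "class name rejected: null or longer than " + MAX_CLASS_NAME_LENGTH);
        }
        try {
            return ClassUtils.getClass(className);
        } catch (StackOverflowError e) {
            String prefix = className.substring(0, Math.min(className.length(), 64));
            throw new ClassNotFoundException(
                "class name could not be resolved without exhausting the stack: " + prefix, e);
        }
    }

    public static void main(String[] args) throws ClassNotFoundException {
        System.out.println(getClass("java.lang.String[]"));       // resolves normally
        String oversized = "a".repeat(MAX_CLASS_NAME_LENGTH + 1); // constructed bad input
        try {
            getClass(oversized);
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```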


Remediation

Install updates from the vendor's website.

External links