CVE-2025-49656: Apache Jena allows users with administrator access to create databases files outside the files area of the Fuseki server

July 21, 2025

Users with administrator access can create databases files outside the files area of the Fuseki server.

This issue affects Apache Jena version up to 5.4.0.

Users are recommended to upgrade to version 5.5.0, which fixes the issue.

References

github.com/advisories/GHSA-jq2c-m8gg-mqcm
github.com/apache/jena
github.com/apache/jena/commit/03c5265910aa3a27907bf54f6b4aaae3409afa4f
github.com/apache/jena/commit/35350569b4c1fd432d92e7c92af9597c4400debe
lists.apache.org/thread/qmm21som8zct813vx6dfd1phnfro6mwq
nvd.nist.gov/vuln/detail/CVE-2025-49656

Code Behaviors & Features

Detect and mitigate CVE-2025-49656 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →