Base Score

MEDIUM5.3

CVE-2025-48924

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

VectorNETWORK

Published Bysecurity@apache.org

Published DateJul 11, 2025, 15:15

Affected Versions(2)

org.apache.commons:commons-lang3(Maven)

Introduced3.0

Fixed3.18.0

LimitN/A

commons-lang:commons-lang(Maven)

Introduced2.0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.commons:commons-lang3(Maven)	3.0	3.18.0	N/A
commons-lang:commons-lang(Maven)	2.0	N/A	N/A

Weakness Type (CWE):CWE-674

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-674

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

CVE-2025-48924

VectorNETWORK

Published Bysecurity@apache.org

Published DateJul 11, 2025, 15:15

Package (Ecosystem)

Introduced

Fixed

Limit

org.apache.commons:commons-lang3(Maven)

3.0

3.18.0

N/A

commons-lang:commons-lang(Maven)

2.0

N/A