CVE-2025-46295 · CRITICAL 9.8 · EPSS p55.6%

Description

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.92% probability of exploitation · percentile 55.6% · 2026-06-19T12:03:05Z
Published: 2025-12-16
Last modified: 2025-12-23

Underlying weaknesses · 1

CWE-94

References

  1. https://support.claris.com/s/answerview?anum=000049059&language=en_US

Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-50223
CVE-2025-54752
CVE-2026-46586
CVE-2025-29902
CVE-2025-61812
CVE-2025-43560

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.