CVE-2025-48924

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48924

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48924.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48924

Aliases

GHSA-j288-q9x7-2f5v

Downstream

DEBIAN-CVE-2025-48924

DLA-4262-1

DLA-4286-1

MINI-25vg-2v5f-2qmh

MINI-2jx6-jghf-fhm4

MINI-3chw-x6r6-8gr3

MINI-49vj-h987-262h

MINI-6m9r-6jf8-68xg

MINI-6r9f-r9j7-w78m

MINI-6xcf-6qg8-rpcv

MINI-8535-hcwc-rxcg

MINI-8x9v-rj2g-39h9

MINI-9qx2-jmj9-mrmf

MINI-9wpp-9hxr-mq98

MINI-c485-4x47-vfjw

MINI-c4p5-q63x-jq26

MINI-fppq-8jvg-4h2j

MINI-fpx6-f5f7-476m

MINI-gwp5-7cf7-9h5x

MINI-hx68-558v-gmjp

MINI-jcv4-rjr4-6h38

MINI-m3fw-7cxp-f73m

MINI-mf82-qh9h-f24v

MINI-pcxr-xff6-vr5w

MINI-pgcj-w463-xqj2

MINI-r96g-g2p5-v6x7

MINI-v2rq-pxgr-463f

MINI-v4c4-f2cr-x52x

MINI-v5vj-34qf-mhgp

MINI-vm8q-9rgm-h6x8

MINI-x68q-r73r-r8gg

MINI-xhwj-rx75-w3f8

MINI-xvhg-2h9c-82qm

OESA-2025-1929

OESA-2025-1971

OESA-2025-1972

OESA-2025-2030

OESA-2025-2031

OESA-2025-2032

OESA-2025-2061

SUSE-SU-2025:02785-1

SUSE-SU-2025:02786-1

UBUNTU-CVE-2025-48924

Related

Published

2025-07-11T15:15:24Z

Modified

2025-09-10T04:27:20Z

Summary

[none]

Details

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

References

https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1

Affected packages

Git / github.com/apache/commons-lang

Affected ranges

Type: GIT
Repo: https://github.com/apache/commons-lang
Events: Introduced

da5d64110a8b7182d04359958f40fadfbe1ed6ff

Fixed

631f3ce18ed9ae276b34105592a13f32df200260