Description

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

PUBLISHED Reserved 2025-04-22 | Published 2025-12-16 | Updated 2025-12-17 | Assigner apple

Problem types

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution.

Product status

Any version before 22.0.4: affected

References

support.claris.com/...swerview?anum=000049059&language=en_US

cve.org (CVE-2025-46295)

nvd.nist.gov (CVE-2025-46295)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.