CVE-2025-26865

CVSS 3.1 Score 3.5 of 10 (low)

Details

Published Mar 10, 2025
Updated: Mar 11, 2025
CWE ID 1336

Summary

CVE-2025-26865 is a vulnerability affecting Apache OFBiz versions from 18.12.17 to 18.12.18. Version 18.12.17 itself is not affected by this vulnerability. The flaw is an improper neutralization of special elements used in a template engine (CWE-1336), which allows attackers to inject malicious code into affected systems, potentially leading to serious security consequences. Users of affected versions are urged to upgrade to version 18.12.18 as soon as possible to mitigate the risk. The use of unofficial releases is not recommended for security reasons.

Affected Products

  • Apache OFBiz

Affected Vendors

  • Apache Corporation