CVE-2025-30474

CVSS 3.1 Score 5 of 10 (medium)

Details

Published Mar 23, 2025
Updated: Apr 1, 2025
CWE ID 200

Summary

CVE-2025-30474 is a vulnerability affecting Apache Commons VFS before version 2.10.0. The FtpFileObject class in this software can expose sensitive information, specifically passwords, when a file is not found during an FTP operation. The error message revealing the password can be intercepted by an unauthorized actor. To address this issue, the password should be masked in the exception message. To protect against this vulnerability, it is strongly recommended that users upgrade to Apache Commons VFS version 2.10.0, which includes the necessary patch.
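The masking described above can also be applied on the logging side. The following is an added example, not code from Apache Commons VFS: it assumes the exception text embeds a URI of the form `scheme://user:password@host/...`, and the class name `UriPasswordMasker`, its methods, and the sample message are hypothetical.

```java
import java.util.regex.Pattern;

public class UriPasswordMasker {
    // Group 1: scheme and user name. Group 2: password, matched greedily up to
    // the last '@' before the next '/' or whitespace, so an unencoded '@'
    // inside the password does not leave a fragment of it behind.
    private static final Pattern USERINFO = Pattern.compile(
            "([A-Za-z][A-Za-z0-9+.-]*://[^\\s/:@]+):([^\\s/]*)@");

    /** Replace the password part of every credentialed URI in the text. */
    static String mask(String text) {
        if (text == null) {
            return null;
        }
        return USERINFO.matcher(text).replaceAll("$1:***@");
    }

    /** Build a log-safe, one-line description of a Throwable and its causes. */
    static String describe(Throwable t) {
        StringBuilder sb = new StringBuilder();
        int depth = 0;
        // Depth limit guards against an unusually long or cyclic cause chain.
        for (Throwable c = t; c != null && depth < 16; c = c.getCause(), depth++) {
            if (sb.length() > 0) {
                sb.append(" <- ");
            }
            sb.append(c.getClass().getSimpleName())
              .append(": ")
              .append(mask(c.getMessage()));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample message; not the library's actual wording.
        Exception inner = new java.io.FileNotFoundException(
                "Could not find file ftp://backup:S3cr3t@ftp.example.test/reports/q1.csv");
        Exception outer = new RuntimeException(
                "Transfer failed for ftp://backup:p@ss@ftp.example.test/", inner);

        // Log the masked description instead of the raw exception message.
        System.out.println(describe(outer));
    }
}
```

A password containing an unencoded `/` is outside what this pattern handles; logging a masked message does not replace upgrading to 2.10.0.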


Affected Products

  • Apache Commons VFS

Affected Vendors

  • Apache Software Foundation