[ https://issues.apache.org/jira/browse/KARAF-8007?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-8007.
-----------------------------------------
Resolution: Invalid
# Karaf is now using GitHub Issues, Jira will be read-only soon
# The dependency updates are now automatically managed by dependabot
# CXF is used only for example/test, so Karaf IS NOT IMPACTED by the CXF vulnerability
# Karaf (for example/test) has already been updated to CXF 3.6.8
> To support Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE
> (CVE-2025-48913)
> --------------------------------------------------------------------------------
>
> Key: KARAF-8007
> URL: https://issues.apache.org/jira/browse/KARAF-8007
> Project: Karaf
> Issue Type: Dependency upgrade
> Components: karaf
> Affects Versions: 4.4.8
> Reporter: Sudhakar Sharma
> Priority: Major
>
> Can we mitigate the below critical CVE after upgrading to CXF-3.6.8?
> Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913)