Key Information

Vulnerability identifier
CVE ID: CVE-2025-53689

Severity
Severity: critical

Affected versions
- Apache Jackrabbit (org.apache.jackrabbit:jackrabbit-spi-commons) 2.20.0 before 2.20.17
- Apache Jackrabbit (org.apache.jackrabbit:jackrabbit-spi-commons) 2.22.0 before 2.22.1
- Apache Jackrabbit (org.apache.jackrabbit:jackrabbit-spi-commons) 2.23.0-beta before 2.23.2-beta

Description
Vulnerability type: Blind XXE Vulnerabilities
Cause: An insecure document build is used to load privileges, which results in a vulnerability in Apache Jackrabbit < 2.23.2.

Recommended action
Users should upgrade to one of the following versions to fix this issue:
- 2.20.17 (Java 8)
- 2.22.1 (Java 11)
- 2.23.2 (Java 11, beta versions)

Credits
- Lars Krapf - Adobe (reporter)
- Dylan Pindur - Assetnote (finder)
- Adam Kues - Assetnote (finder)

References
- https://jackrabbit.apache.org/
- https://www.cve.org/CVERecord?id=CVE-2025-53689
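A dependency check for the affected ranges listed in this advisory, written as an added example (not code from the Apache Jackrabbit project or from the advisory). It scans `mvn dependency:list` output for `jackrabbit-spi-commons` and reports the fixed release to move to. Assumptions: the sample output is constructed, the `-beta` suffix is ignored when comparing versions, and a version outside the three listed ranges is simply not reported.

```python
import re

ARTIFACT = "org.apache.jackrabbit:jackrabbit-spi-commons"

# (first affected, first fixed) pairs, taken from the advisory's version list.
AFFECTED = [((2, 20, 0), (2, 20, 17)),
            ((2, 22, 0), (2, 22, 1)),
            ((2, 23, 0), (2, 23, 2))]

def fixed_in(version):
    """Return the fixed release for an affected version string, else None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None  # unparseable version: not classified
    v = tuple(int(x) for x in m.groups())  # suffix such as -beta is ignored
    for first, fixed in AFFECTED:
        if first <= v < fixed:
            return ".".join(map(str, fixed))
    return None

def scan(dependency_list):
    """Return (version, fixed_release) for each affected artifact line."""
    findings = []
    for line in dependency_list.splitlines():
        for token in line.split():
            # Coordinates look like group:artifact:type[:classifier]:version:scope
            if token.startswith(ARTIFACT + ":"):
                version = token.split(":")[-2]
                fix = fixed_in(version)
                if fix:
                    findings.append((version, fix))
    return findings

# Constructed sample of `mvn dependency:list` output (not from a real project).
SAMPLE = """\
[INFO]    org.apache.jackrabbit:jackrabbit-spi-commons:jar:2.20.10:compile
[INFO]    org.apache.jackrabbit:jackrabbit-jcr-commons:jar:2.20.10:compile
[INFO]    org.apache.jackrabbit:jackrabbit-spi-commons:jar:2.22.1:compile
[INFO]    org.apache.jackrabbit:jackrabbit-spi-commons:jar:2.23.1-beta:runtime
"""

if __name__ == "__main__":
    for version, fix in scan(SAMPLE):
        print(f"{ARTIFACT} {version} is affected; upgrade to {fix}")
```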