CVE-2025-48924

Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs

Description

Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

References

Link	Tags
https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-48924?: CVE-2025-48924 has been scored as a medium severity vulnerability.
How to fix CVE-2025-48924?: To fix CVE-2025-48924, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-48924 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-48924 is being actively exploited.
What software or system is affected by CVE-2025-48924?: CVE-2025-48924 affects Apache Software Foundation Apache Commons Lang, Apache Software Foundation Apache Commons Lang.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-674 – Uncontrolled Recursion

References

Frequently Asked Questions