CVE-2020-25649 [High] | Security Vulnerability in Jackson-Databind

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-27	0.01%	0.07%	+0.06%
2	2025-11-21	12.44%	0.01%	-12.43%
3	2025-11-18	—	12.44%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-27

0.01%

0.07%

+0.06%

2025-11-21

12.44%

0.01%

-12.43%

2025-11-18

—

12.44%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:N) Doesn’t really leak secrets in a meaningful way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:N) Service keeps running; no real outage angle.	3.9	3.6	[email protected]
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	10.0	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N): Doesn’t really leak secrets in a meaningful way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N): Service keeps running; no real outage angle.

3.9

3.6

[email protected]

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

10.0

2.9

[email protected]

OS Trackers for CVE-2020-25649

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2020-25649 not yet assigned priority: Debian including 1 source packages (jackson-databind), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2020-25649
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2020-25649
`suse`	medium	—	https://www.suse.com/security/cve/CVE-2020-25649/
`ubuntu`	medium	CVE-2020-25649 medium priority: Ubuntu including 1 source packages (jackson-databind), 16 status rows across 16 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 11, needed 3, needs-triage 1, released 1.	https://ubuntu.com/security/CVE-2020-25649

Affected software / configurations for CVE-2020-25649

Vendor	Product	Version	Raw CPE
fasterxml	jackson-databind	>= 2.6.0, < 2.6.7.4	cpe:2.3:a:fasterxml:jackson-databind::::::::
fasterxml	jackson-databind	>= 2.9.0, < 2.9.10.7	cpe:2.3:a:fasterxml:jackson-databind::::::::
fasterxml	jackson-databind	>= 2.10.0, < 2.10.5.1	cpe:2.3:a:fasterxml:jackson-databind::::::::
netapp	oncommand_api_services	—	cpe:2.3:a:netapp:oncommand_api_services:-:::::::*
netapp	oncommand_workflow_automation	—	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
netapp	service_level_manager	—	cpe:2.3:a:netapp:service_level_manager:-:::::::*
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
quarkus	quarkus	<= 1.6.1	cpe:2.3:a:quarkus:quarkus::::::::
apache	iotdb	< 0.12.0	cpe:2.3:a:apache:iotdb::::::::
oracle	agile_plm	9.3.6	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
oracle	agile_product_lifecycle_management_integration_pack	3.6	cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:::::e-business_suite::
oracle	banking_apis	>= 18.1, <= 18.3	cpe:2.3:a:oracle:banking_apis::::::::
oracle	banking_apis	19.1	cpe:2.3:a:oracle:banking_apis:19.1:::::::*
oracle	banking_apis	19.2	cpe:2.3:a:oracle:banking_apis:19.2:::::::*
oracle	banking_apis	20.1	cpe:2.3:a:oracle:banking_apis:20.1:::::::*
oracle	banking_apis	21.1	cpe:2.3:a:oracle:banking_apis:21.1:::::::*
oracle	banking_platform	2.6.2	cpe:2.3:a:oracle:banking_platform:2.6.2:::::::*
oracle	banking_platform	2.7.0	cpe:2.3:a:oracle:banking_platform:2.7.0:::::::*
oracle	banking_platform	2.7.1	cpe:2.3:a:oracle:banking_platform:2.7.1:::::::*
oracle	banking_platform	2.8.0	cpe:2.3:a:oracle:banking_platform:2.8.0:::::::*
oracle	banking_platform	2.9.0	cpe:2.3:a:oracle:banking_platform:2.9.0:::::::*
oracle	banking_platform	2.10.0	cpe:2.3:a:oracle:banking_platform:2.10.0:::::::*
oracle	banking_treasury_management	4.4	cpe:2.3:a:oracle:banking_treasury_management:4.4:::::::*
oracle	blockchain_platform	< 21.1.2	cpe:2.3:a:oracle:blockchain_platform::::::::
oracle	coherence	12.2.1.4.0	cpe:2.3:a:oracle:coherence:12.2.1.4.0:::::::*
oracle	coherence	14.1.1.0.0	cpe:2.3:a:oracle:coherence:14.1.1.0.0:::::::*
oracle	commerce_platform	>= 11.3.0, <= 11.3.2	cpe:2.3:a:oracle:commerce_platform::::::::
oracle	commerce_platform	11.2.0	cpe:2.3:a:oracle:commerce_platform:11.2.0:::::::*
oracle	communications_billing_and_revenue_management	7.5.0.23.0	cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:::::::*
oracle	communications_billing_and_revenue_management	12.0.0.3.0	cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:::::::*
oracle	communications_cloud_native_core_unified_data_repository	1.4.0	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:::::::*
oracle	communications_convergent_charging_controller	12.0.4.0.0	cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:::::::*
oracle	communications_evolved_communications_application_server	7.1	cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:::::::*
oracle	communications_instant_messaging_server	10.0.1.5.0	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:::::::*
oracle	communications_interactive_session_recorder	6.3	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:::::::*
oracle	communications_interactive_session_recorder	6.4	cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:::::::*
oracle	communications_network_charging_and_control	12.0.4.0.0	cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:::::::*
oracle	communications_offline_mediation_controller	12.0.0.3	cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:::::::*
oracle	communications_pricing_design_center	12.0.0.4.0	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:::::::*
oracle	communications_services_gatekeeper	7.0	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
oracle	communications_unified_inventory_management	7.4.1	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:::::::*
oracle	goldengate_application_adapters	19.1.0.0.0	cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:::::::*
oracle	health_sciences_empirica_signal	9.0	cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:::::::*
oracle	health_sciences_empirica_signal	9.1	cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1:::::::*
oracle	insurance_policy_administration	>= 11.1.0, <= 11.3.0	cpe:2.3:a:oracle:insurance_policy_administration::::::::
oracle	insurance_policy_administration	11.0.2	cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:::::::*
oracle	insurance_rules_palette	>= 11.1.0, <= 11.3.0	cpe:2.3:a:oracle:insurance_rules_palette::::::::
oracle	insurance_rules_palette	11.0.2	cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:::::::*
oracle	jd_edwards_enterpriseone_orchestrator	< 9.2.5.3	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
oracle	jd_edwards_enterpriseone_tools	< 9.2.5.3	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
oracle	primavera_gateway	>= 17.7, <= 17.12	cpe:2.3:a:oracle:primavera_gateway::::::::
oracle	primavera_gateway	>= 17.12.0, <= 17.12.11	cpe:2.3:a:oracle:primavera_gateway::::::::
oracle	primavera_gateway	>= 18.8.0, <= 18.8.11	cpe:2.3:a:oracle:primavera_gateway::::::::
oracle	primavera_gateway	>= 19.12.0, <= 19.12.10	cpe:2.3:a:oracle:primavera_gateway::::::::
oracle	primavera_gateway	20.12.0	cpe:2.3:a:oracle:primavera_gateway:20.12.0:::::::*
oracle	retail_service_backbone	14.1.3.2	cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:::::::*
oracle	retail_service_backbone	15.0.3.1	cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:::::::*
oracle	retail_service_backbone	16.0.3	cpe:2.3:a:oracle:retail_service_backbone:16.0.3:::::::*
oracle	retail_xstore_point_of_service	16.0.6	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:::::::*
oracle	retail_xstore_point_of_service	17.0.4	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:::::::*
oracle	retail_xstore_point_of_service	18.0.3	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:::::::*
oracle	retail_xstore_point_of_service	19.0.2	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:::::::*
oracle	retail_xstore_point_of_service	20.0.1	cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:::::::*
oracle	sd-wan_edge	9.0	cpe:2.3:a:oracle:sd-wan_edge:9.0:::::::*
oracle	utilities_framework	4.3.0.5.0	cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:::::::*
oracle	utilities_framework	4.3.0.6.0	cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:::::::*
oracle	utilities_framework	4.4.0.0.0	cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:::::::*
oracle	utilities_framework	4.4.0.2.0	cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:::::::*
oracle	utilities_framework	4.4.0.3.0	cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:::::::*
oracle	webcenter_portal	12.2.1.3.0	cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::*
oracle	webcenter_portal	12.2.1.4.0	cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:::::::*
oracle	communications_messaging_server	8.0.2	cpe:2.3:o:oracle:communications_messaging_server:8.0.2:::::::*
oracle	communications_messaging_server	8.1	cpe:2.3:o:oracle:communications_messaging_server:8.1:::::::*

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1887664	Issue Tracking Third Party Advisory
https://github.com/FasterXML/jackson-databind/issues/2589	Patch Third Party Advisory
https://lists.apache.org/thread.html/r011d1430e8f40dff9550c3bc5d0f48b14c01ba8aecabd91d5e495386%40%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/r024b7bda9c43c5560d81238748775c5ecfe01b57280f90df1f773949%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r04529cedaca40c2ff90af4880493f9c88a8ebf4d1d6c861d23108a5a%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r0881e23bd9034c8f51fdccdc8f4d085ba985dcd738f8520569ca5c3d%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r0b8dc3acd4503e4ecb6fbd6ea7d95f59941168d8452ac0ab1d1d96bb%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r1b7ed0c4b6c4301d4dfd6fdbc5581b0a789d3240cab55d766f33c6c6%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2882fc1f3032cd7be66e28787f04ec6f1874ac68d47e310e30ff7eb1%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r2b6ddb3a4f4cd11d8f6305011e1b7438ba813511f2e3ab3180c7ffda%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2eb66c182853c69ecfb52f63d3dec09495e9b65be829fd889a081ae1%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r2f5c5479f99398ef344b7ebd4d90bc3316236c45d0f3bc42090efcd7%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r31f4ee7d561d56a0c2c2c6eb1d6ce3e05917ff9654fdbfec05dc2b83%40%3Ccommits.servicecomb.apache.org%3E
https://lists.apache.org/thread.html/r3e6ae311842de4e64c5d560a475b7f9cc7e0a9a8649363c6cf7537eb%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r407538adec3185dd35a05c9a26ae2f74425b15132470cf540f41d85b%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r45e7350dfc92bb192f3f88e9971c11ab2be0953cc375be3dda5170bd%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r5b130fe668503c4b7e2caf1b16f86b7f2070fd1b7ef8f26195a2ffbd%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r5f8a1608d758936bd6bbc5eed980777437b611537bf6fff40663fc71%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r605764e05e201db33b3e9c2e66ff620658f07ad74f296abe483f7042%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r63c87aab97155f3f3cbe11d030c4a184ea0de440ee714977db02e956%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r68d029ee74ab0f3b0569d0c05f5688cb45dd3abe96a6534735252805%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r6a4f3ef6edfed2e0884269d84798f766779bbbc1005f7884e0800d61%40%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/r6a6df5647583541e3cb71c75141008802f7025cee1c430d4ed78f4cc%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6b11eca1d646f45eb0d35d174e6b1e47cfae5295b92000856bfb6304%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r6cbd599b80e787f02ff7a1391d9278a03f37d6a6f4f943f0f01a62fb%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r6e3d4f7991542119a4ca6330271d7fbf7b9fb3abab24ada82ddf1ee4%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r73bef1bb601a9f093f915f8075eb49fcca51efade57b817afd5def07%40%3Ccommits.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r765283e145049df9b8998f14dcd444345555aae02b1610cfb3188bf8%40%3Cnotifications.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r78d53a0a269c18394daf5940105dc8c7f9a2399503c2e78be20abe7e%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7cb5b4b3e4bd41a8042e5725b7285877a17bcbf07f4eb3f7b316af60%40%3Creviews.iotdb.apache.org%3E
https://lists.apache.org/thread.html/r86c78bf7656fdb2dab69cbf17f3d7492300f771025f1a3a65d5e5ce5%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8764bb835bcb8e311c882ff91dd3949c9824e905e880930be56f6ba3%40%3Cuser.spark.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8937a7160717fe8b2221767163c4de4f65bc5466405cb1c5310f9080%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/r8ae961c80930e2717c75025414ce48a432cea1137c02f648b1fb9524%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r900d4408c4189b376d1ec580ea7740ea6f8710dc2f0b7e9c9eeb5ae0%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r90d1e97b0a743cf697d89a792a9b669909cc5a1692d1e0083a22e66c%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r91722ecfba688b0c565675f8bf380269fde8ec62b54d6161db544c22%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/r94c7e86e546120f157264ba5ba61fd29b3a8d530ed325a9b4fa334d7%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r95a297eb5fd1f2d3a2281f15340e2413f952e9d5503296c3adc7201a%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r98bfe3b90ea9408f12c4b447edcb5638703d80bc782430aa0c210a54%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ra1157e57a01d25e36b0dc17959ace758fc21ba36746de29ba1d8b130%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/ra409f798a1e5a6652b7097429b388650ccd65fd958cee0b6f69bba00%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/ra95faf968f3463acb3f31a6fbec31453fc5045325f99f396961886d3%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/raf13235de6df1d47a717199e1ecd700dff3236632f5c9a1488d9845b%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb674520b9f6c808c1bf263b1369e14048ec3243615f35cfd24e33604%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc15e90bbef196a5c6c01659e015249d6c9a73581ca9afb8aeecf00d2%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rc82ff47853289e9cd17f5cfbb053c04cafc75ee32e3d7223963f83bb%40%3Cdev.knox.apache.org%3E
https://lists.apache.org/thread.html/rc88f2fa2b7bd6443921727aeee7704a1fb02433e722e2abf677e0d3d%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rc959cdb57c4fe198316130ff4a5ecbf9d680e356032ff2e9f4f05d54%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd317f15a675d114dbf5b488d27eeb2467b4424356b16116eb18a652d%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd57c7582adc90e233f23f3727db3df9115b27a823b92374f11453f34%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd6f6bf848c2d47fa4a85c27d011d948778b8f7e58ba495968435a0b3%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rdca8711bb7aa5d47a44682606cd0ea3497e2e922f22b7ee83e81e6c1%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rdf9a34726482222c90d50ae1b9847881de67dde8cfde4999633d2cdc%40%3Ccommits.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/re16f81d3ad49a93dd2f0cba9f8fc88e5fb89f30bf9a2ad7b6f3e69c1%40%3Ccommits.karaf.apache.org%3E
https://lists.apache.org/thread.html/re96dc7a13e13e56190a5d80f9e5440a0d0c83aeec6467b562fbf2dca%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf1809a1374041a969d77afab21fc38925de066bc97e86157d3ac3402%40%3Ccommits.karaf.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6X2UT4X6M7DLQYBOOHMXBWGYJ65RL2CT/
https://security.netapp.com/advisory/ntap-20210108-0007/	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

URL

CVE-2020-25649

Exploit prediction scoring system (EPSS) score for CVE-2020-25649

Common vulnerability scoring system (CVSS) metrics for CVE-2020-25649

Weakness enumeration for CVE-2020-25649

GitHub Security Advisory for CVE-2020-25649

OS Trackers for CVE-2020-25649

Affected software / configurations for CVE-2020-25649

References for CVE-2020-25649