View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-49656 not yet assigned priority: Debian including 1 source packages (apache-jena), 4 status rows across 4 suites (bookworm, forky, sid, trixie): open 4.
Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue.