vulnerability

SUSE: CVE-2025-4949: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:H/Au:N/C:N/I:N/A:C)	Aug 12, 2025	Aug 13, 2025	Jan 6, 2026

Severity

CVSS

(AV:N/AC:H/Au:N/C:N/I:N/A:C)

Published

Aug 12, 2025

Added

Aug 13, 2025

Modified

Jan 6, 2026

Description

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.

Solutions

suse-upgrade-eclipse-jgitsuse-upgrade-jgit

References

CVE-2025-4949
https://attackerkb.com/topics/CVE-2025-4949
CWE-611
CWE-827

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today