An update for apache-commons-beanutils is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1803 Final 1.0 1.0 2025-07-11 Initial 2025-07-11 2025-07-11 openEuler SA Tool V1.0 2025-07-11 apache-commons-beanutils security update An update for apache-commons-beanutils is now available for openEuler-24.03-LTS-SP2 The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight. Security Fix(es): A vulnerability, which was classified as critical, was found in Apache Commons BeanUtils up to 1.10.x/2.0.0-/1.CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 1.11.0 or 2.0.0-M2 eliminates this vulnerability.(CVE-2025-48734) An update for apache-commons-beanutils is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High apache-commons-beanutils https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1803 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48734 https://nvd.nist.gov/vuln/detail/CVE-2025-48734 openEuler-24.03-LTS-SP2 apache-commons-beanutils-1.9.4-4.oe2403sp2.noarch.rpm apache-commons-beanutils-javadoc-1.9.4-4.oe2403sp2.noarch.rpm apache-commons-beanutils-1.9.4-4.oe2403sp2.src.rpm A vulnerability, which was classified as critical, was found in Apache Commons BeanUtils up to 1.10.x/2.0.0-/1.CWE is classifying the issue as CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.This is going to have an impact on confidentiality, integrity, and availability.Upgrading to version 1.11.0 or 2.0.0-M2 eliminates this vulnerability. 2025-07-11 CVE-2025-48734 openEuler-24.03-LTS-SP2 High 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H apache-commons-beanutils security update 2025-07-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1803