The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10548.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff




====================================================================
Red Hat Security Advisory

Synopsis:           Moderate: apache-commons-vfs security update
Advisory ID:        RHSA-2025:10548-03
Product:            Red Hat Enterprise Linux
Advisory URL:       https://access.redhat.com/errata/RHSA-2025:10548
Issue date:         2025-07-08
Revision:           03
CVE Names:          CVE-2025-27553
====================================================================

Summary: 

An update for apache-commons-vfs is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.




Description:

Commons VFS provides a single API for accessing various different file systems. It presents a uniform view of the files from various different sources, such as the files on local disk, on an HTTP server, or inside a Zip archive. Some of the features of Commons VFS are:
* A single consistent API for accessing files of different
 types.
* Support for numerous file system types.
* Caching of file information. Caches information in-JVM,
 and optionally can cache remote file information on the
 local file system.
* Event delivery.
* Support for logical file systems made up of files from
 various different file systems.
* Utilities for integrating Commons VFS into applications,
 such as a VFS-aware ClassLoader and URLStreamHandlerFactory.
* A set of VFS-enabled Ant tasks.

Security Fix(es):

* apache-commons-vfs: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT (CVE-2025-27553)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.


Solution:

https://access.redhat.com/articles/11258



CVEs:

CVE-2025-27553

References:

https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2354334