Robert Vogel (talk | contribs) Created page with "{| class="wikitable" |+ ! ! |- |Date |2025-09-17 |- |Severity |reported "critical", BlueSpice assessment: '''low''' |- |Affected | Current LTS version 5.1, < 5.1.2 |- |Fixed in |fix not yet available |- |CVE | [https://nvd.nist.gov/vuln/detail/CVE-2025-54988 CVE-2025-54988], [https://avd.aquasec.com/nvd/2025/cve-2025-7783 CVE-2025-7783], [https://avd.aquasec.com/nvd/cve-2025-58050 CVE-2025-58050], [https://avd.aquasec.com/nvd/cve-2025-49796 CVE-2025-49796] |} ==Problem=..." |
(No difference)
|
Revision as of 11:31, 17 September 2025
| Date | 2025-09-17 |
| Severity | reported "critical", BlueSpice assessment: low |
| Affected | Current LTS version 5.1, < 5.1.2 |
| Fixed in | fix not yet available |
| CVE | CVE-2025-54988, CVE-2025-7783, CVE-2025-58050, CVE-2025-49796 |
Problem
- Service
bluespice/search- CVE-2025-54988
- XXE; Fixed in code, not yet released by vendor
- Service
bluespice/formula- CVE-2025-7783/
- Caused by a dependency of coveralls; Not used by any production code.
- Service
bluespice/wiki- PCRE: CVE-2025-58050
- libxml: CVE-2025-49794 and CVE-2025-49796
Impact assessment
- Service
bluespice/search - Service
bluespice/formula - Service
bluespice/wiki
Solution
There is currently no solution to those issues. Once the upstream vendors release fixed packages, the next patchlevel release of BlueSpice will contain them.
