The following table lists the changes that have been made to the
CVE-2025-46392 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.
May. 09, 2025
| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x.
There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario’s where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration. |
|
| Added | CWE | CWE-400 | |
| Added | Reference | https://lists.apache.org/thread/y1pl0mn3opz6kwkm873zshjdxq3dwq5s | |
| Added | Reference | https://www.cve.org/CVERecord?id=CVE-2024-29131 | |
| Added | Reference | https://www.cve.org/CVERecord?id=CVE-2024-29133 |
CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –
CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
