DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2025-46295

Critical

Low Medium High Critical

9.8

CVSS Score

Published: Dec 16, 2025

Last Modified: Dec 23, 2025

Vulnerability Description

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

13 configuration(s) from 1 vendor(s)

filemaker_server

Version:

21.0.1

CPE:

cpe:2.3:a:claris:filemaker_server:21.0.1:*:*:*:*:*:*:*

filemaker_server

Version:

20.3.2

CPE:

cpe:2.3:a:claris:filemaker_server:20.3.2:*:*:*:*:*:*:*

filemaker_server

Version:

19.2.1

CPE:

cpe:2.3:a:claris:filemaker_server:19.2.1:*:*:*:*:*:*:*

filemaker_server

Version:

21.0.2

CPE:

cpe:2.3:a:claris:filemaker_server:21.0.2:*:*:*:*:*:*:*

filemaker_server

Version:

20.2.1

CPE:

cpe:2.3:a:claris:filemaker_server:20.2.1:*:*:*:*:*:*:*

filemaker_server

Version:

20.3.1

CPE:

cpe:2.3:a:claris:filemaker_server:20.3.1:*:*:*:*:*:*:*

filemaker_server

Version:

20.1.2

CPE:

cpe:2.3:a:claris:filemaker_server:20.1.2:*:*:*:*:*:*:*

filemaker_server

Version:

19.1.2

CPE:

cpe:2.3:a:claris:filemaker_server:19.1.2:*:*:*:*:*:*:*

filemaker_server

Version:

19.4.1

CPE:

cpe:2.3:a:claris:filemaker_server:19.4.1:*:*:*:*:*:*:*

filemaker_server

Version:

19.3.2

CPE:

cpe:2.3:a:claris:filemaker_server:19.3.2:*:*:*:*:*:*:*

filemaker_server

Version:

19.3.1

CPE:

cpe:2.3:a:claris:filemaker_server:19.3.1:*:*:*:*:*:*:*

filemaker_server

Version:

20.1.1

CPE:

cpe:2.3:a:claris:filemaker_server:20.1.1:*:*:*:*:*:*:*

filemaker_server

Version:

21.1.1

CPE:

cpe:2.3:a:claris:filemaker_server:21.1.1:*:*:*:*:*:*:*

This vulnerability affects 13 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://support.claris.com/s/answerview?anum=000049059&language=en_US
product-security@apple.com Vendor Advisory

Severity Details

9.8

out of 10.0

Critical

Key Information

Published Date: December 16, 2025

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages

Critical Severity Vulnerability

CVE-2025-46295

Vulnerability Description

CVSS Metrics

Known Affected Software

claris

References & Resources

Severity Details

Key Information

External Resources