CVE-2025-4949
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2025-05-21T07:16:01.397 · Last modified 2026-06-17T09:34:22.633

Summary

In Eclipse JGit versions 7.2.0.202503040940-r and older, two classes are vulnerable to XML External Entity (XXE) attacks when parsing XML files: the ManifestParser class, used by the repo command, and the AmazonS3 class, which implements the experimental amazons3 git transport protocol for storing git pack files in an Amazon S3 bucket. This vulnerability can lead to information disclosure, denial of service, and other security issues.

Affected products

eclipse — jgit

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.