{"id":"CVE-2025-30474","details":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS.\n\nThe FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception message\nThis issue affects Apache Commons VFS: before 2.10.0.\n\nUsers are recommended to upgrade to version 2.10.0, which fixes the issue.","aliases":["GHSA-3936-3gx6-49c4"],"modified":"2026-03-14T12:42:57.169796Z","published":"2025-03-23T15:15:14.103Z","related":["SUSE-SU-2025:1022-1","openSUSE-SU-2025:14929-1"],"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/w6ztgnbk6ccry3470x191g3xwrpgy6f4"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2025/03/23/2"},{"type":"FIX","url":"https://issues.apache.org/jira/browse/VFS-169"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30474.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}