Security Vulnerabilities in usb4java 1.3.0 - CVE-2025-48924 and CVE-2020-15250 #92

@sharath2mobile

Environment:

  • OS: Yocto Linux dunfell
  • Java version 1.8
  • usb4java version 1.3.0

Bug description
We are using usb4java version 1.3.0 in our project and noticed that it includes dependencies with known vulnerabilities:

  • CVE-2025-48924: Uncontrolled recursion in Apache Commons Lang (fixed in commons-lang3 3.18.0)
  • CVE-2020-15250: Information disclosure in JUnit TemporaryFolder (fixed in JUnit 4.13.1)

Could you please confirm:

  • Whether these vulnerabilities impact usb4java usage directly?
  • Any recommended mitigation steps?
  • If there is a plan for a new release that updates these dependencies?

Reproduction
Vulnerabilities from dependencies: CVE-2025-48924, CVE-2020-15250
Reference link: https://mvnrepository.com/artifact/org.usb4java/usb4java/1.3.0

Expected behavior
The reported vulnerabilities should be resolved.
