
Critical Apache Commons Text Vulnerability 'Text4Shell' Discovered

The 'Text4Shell' flaw puts countless systems at risk. Organizations must update Apache Commons Text immediately to avoid arbitrary code execution.


A critical vulnerability, dubbed 'Text4Shell', has been discovered in the widely used Apache Commons Text library. The flaw, tracked as CVE-2022-42889, affects versions 1.5 through 1.9 and allows unauthenticated attackers to execute arbitrary code on vulnerable assets; it carries a CVSSv3 score of 9.8 out of 10.

Qualys has responded quickly by creating an out-of-band utility for Windows that detects vulnerable copies of the library. Organizations using Qualys CyberSecurity Asset Management (CSAM) can now identify assets with Apache Commons Text installed, and Qualys Vulnerability Management, Detection and Response (VMDR) with TruRisk can prioritize the vulnerable ones. Successful exploitation of this vulnerability leads to arbitrary code execution on the affected asset.

Publicly available proof-of-concept (PoC) exploits exist, so organizations should address this issue promptly. Qualys is releasing QIDs to cover this vulnerability, starting with vulnsigs version VULNSIGS-2_5_617 and Linux Cloud Agent manifest version LX_MANIFEST-2.5.617.2-1. Additionally, the Software Composition Analysis capabilities of Qualys Container Security can detect vulnerable container images.

Organizations are urged to update their Apache Commons Text libraries to version 1.10 or later to mitigate this critical vulnerability. Qualys' tools provide comprehensive coverage for detecting and managing the issue, so organizations can respond swiftly and effectively. No specific vulnerable organizations are identified directly, but one example, Relution, has already shipped an update for this flaw, which illustrates how widely the affected library is used.
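As an added example (not from this article or from Qualys), the following Python script walks a directory tree for Apache Commons Text jars and flags any version in the affected 1.5 through 1.9 range, treating 1.10 and later as fixed. It assumes Maven-built jars, which embed their version in META-INF/maven/org.apache.commons/commons-text/pom.properties, and falls back to the version in the file name otherwise; the jars scanned by demo() are constructed in a temporary directory.

```python
import os
import re
import tempfile
import zipfile
from pathlib import Path

# Maven-built jars record their version here; the entry path is the standard Maven layout.
POM_PROPERTIES = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
JAR_NAME_RE = re.compile(r"^commons-text-(\d+(?:\.\d+)*)\.jar$")

def parse_version(text):
    """'1.9' -> (1, 9); a trailing qualifier such as '-SNAPSHOT' is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else ()

def is_vulnerable(version):
    """CVE-2022-42889 affects Commons Text 1.5 through 1.9; 1.10 and later are fixed."""
    return (1, 5) <= parse_version(version) < (1, 10)

def jar_version(jar_path):
    """Read the version from pom.properties inside the jar, else from the file name."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            if POM_PROPERTIES in zf.namelist():
                for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                    key, _, value = line.strip().partition("=")
                    if key == "version":
                        return value.strip()
    except zipfile.BadZipFile:
        pass  # not a readable jar; fall back to the file name below
    m = JAR_NAME_RE.match(os.path.basename(jar_path))
    return m.group(1) if m else None

def scan_directory(root):
    """Return sorted (path, version, vulnerable) for every Commons Text jar under root."""
    findings = []
    for path in Path(root).rglob("commons-text-*.jar"):
        version = jar_version(str(path))
        if version:
            findings.append((str(path), version, is_vulnerable(version)))
    return sorted(findings)

def demo():
    """Scan constructed sample jars (1.4, 1.9, 1.10) and return (name, version, vulnerable)."""
    with tempfile.TemporaryDirectory() as tmp:
        for v in ("1.4", "1.9", "1.10"):  # constructed jars; only pom.properties matters
            with zipfile.ZipFile(os.path.join(tmp, f"commons-text-{v}.jar"), "w") as zf:
                zf.writestr(POM_PROPERTIES, f"version={v}\n")
        return [(os.path.basename(p), ver, vuln) for p, ver, vuln in scan_directory(tmp)]
```

Call scan_directory() on an application's lib directory or an unpacked container image to list real findings; demo() only exercises the constructed samples.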
