Can you please share the plan to address CVE-2025-48976 in Camunda 7
Camunda 7 uses commons-fileupload 1.6, a version which is not affected by this vulnerability.
https://nvd.nist.gov/vuln/detail/CVE-2025-48976
Thanks for the reply .
Is this fixed in 7.23 or 7.24 .
I could n’t find this in Security Notices | docs.camunda.org hence confirming ,
In 7.24.
Update of commons-fileupload from 1.5 to 1.6 was made in June this year, part of 7.24.0-alpha2.
See fix(deps): update dependency commons-fileupload:commons-fileupload to… · camunda/camunda-bpm-platform@d6f606e · GitHub
commons-fileupload is used in engine-rest only, not in the core system or the webapp.