CVE-2025-48734 - commons-beanutils-1.9.4

[yeikel]

Our scans are flagging CVE-2025-48734 from the following paths

• /usr/share/java/kafka/commons-beanutils-1.9.4.jar
• /usr/share/java/cp-base-new/commons-beanutils-1.9.4.jar

I'm not sure whether Confluent can patch these CVEs directly or if a fix is required from the Kafka upstream project first. In any case, it's useful to track this issue here.

Thanks!

[janjwerner-confluent]

@yeikel
Thank you for raising this issue. This will be addressed in one of the upcoming quarterly patch releases.