Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE Leap 15.6: mybatis, ognl Important Security Fix CVE-2025-53192

opensuse
Calendar Grey September 22, 2025
Dist Opensuse Esm H88
Essential security patch released for myBatis and OGNL in openSUSE to mitigate the threat posed by vulnerability CVE-2025-53192, ensuring the protection of systems.
An update that solves one vulnerability can now be installed.

Description

This update for mybatis, ognl fixes the following issues:

Version update to 3.5.7:

* Bug fixes:

* Improved performance under JDK 8. #2223

Version update to 3.5.8:

* List of changes:

* Avoid NullPointerException when mapping an empty string to java.lang.Character. #2368

* Fixed an incorrect argument when initializing static object. This resolves a compatibility issue with quarkus-mybatis. #2284

* Performance improvements. #2297 #2335 #2340

Version update to 3.5.9:

* List of changes:

* Add nullable to . If enabled, it skips the iteration when the collection is null instead of throwing an exception. To enable this feature globally, set nullableOnForEach=true in the config. #1883

Version update to 3.5.10:

* Bug fixes:

* Unexpected illegal reflective access warning (or InaccessibleObjectException on Java 16+) when calling method in OGNL expression. #2392

* IllegalAccessException when auto-mapping Records (JEP-359) #2195

* 'interrupted'...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch openSUSE-SLE-15.6-2025-3285=1

Package List

* openSUSE Leap 15.6 (noarch)

* ognl-javadoc-3.4.7-150200.5.3.1

* mybatis-3.5.19-150200.5.9.1

* ognl-3.4.7-150200.5.3.1

* mybatis-javadoc-3.5.19-150200.5.9.1

References

* bsc#1248252

## References:

* https://www.suse.com/security/cve/CVE-2025-53192.html

* https://bugzilla.suse.com/show_bug.cgi?id=1248252

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03285-1
Release Date: 2025-09-21T09:18:15Z
Affected Products: * openSUSE Leap 15.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here