Description
High:
CVE-2025-48734 - Upgrade commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 to fix the vulnerability.
Medium:
CVE-2025-48924 - Upgrade org.apache.commons:commons-lang3 from 3.12.0 to 3.18.0 to fix the vulnerability.
CVE-2024-29131 - Upgrade org.apache.commons:commons-configuration2 from 2.8.0 to 2.10.1 to fix the vulnerability.
CVE-2024-29133 - Upgrade org.apache.commons:commons-configuration2 from 2.8.0 to 2.10.1 to fix the vulnerability.
Vulnerability Location
server-lib\commons
client-lib
cli-lib
manager-lib\
Suggested remediation
Upgrade commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0 to fix the vulnerability.
Upgrade org.apache.commons:commons-lang3 from 3.12.0 to 3.18.0 to fix the vulnerability.
Upgrade org.apache.commons:commons-configuration2 from 2.8.0 to 2.10.1 to fix the vulnerability.
Copied from BridgeLink reported issue:
Innovar-Healthcare/BridgeLink#108
Note that the OP on the BridgeLink issue report cited commons-text v1.9 needed to be updated to 1.10, but it appears both repositories are using 1.10 already.
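Added example, not part of the original issue or of either project's code: a Python check that walks the lib directories named above and reports jars older than the fixed versions listed in the issue. It assumes jars follow the usual `<artifactId>-<version>.jar` naming (renamed or shaded jars are not detected); `FIXED`, `parse_jar`, `is_outdated` and `scan` are illustrative names.

```python
import re
import sys
from pathlib import Path

# Minimum fixed versions, taken from the issue text.
FIXED = {
    "commons-beanutils": (1, 11, 0),       # CVE-2025-48734
    "commons-lang3": (3, 18, 0),           # CVE-2025-48924
    "commons-configuration2": (2, 10, 1),  # CVE-2024-29131, CVE-2024-29133
}

# Assumption: file names look like <artifactId>-<version>[-qualifier].jar
JAR_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:[.-][A-Za-z0-9]+)*\.jar$"
)

def parse_jar(filename):
    """Return (artifactId, version tuple) or None if the name does not parse."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    return m.group("name"), tuple(int(p) for p in m.group("ver").split("."))

def is_outdated(name, version):
    """True when the artifact is tracked and its version is below the fix."""
    fixed = FIXED.get(name)
    if fixed is None:
        return False
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 1.10 compares as 1.10.0
    return pad(version) < pad(fixed)

def scan(root, lib_dirs=("server-lib", "client-lib", "cli-lib", "manager-lib")):
    """Walk the lib directories (recursively) and list outdated jars."""
    findings = []
    for d in lib_dirs:
        base = Path(root) / d
        if not base.is_dir():
            continue
        for jar in sorted(base.rglob("*.jar")):
            parsed = parse_jar(jar.name)
            if parsed and is_outdated(*parsed):
                ver = ".".join(str(p) for p in parsed[1])
                findings.append((str(jar.relative_to(root)), parsed[0], ver))
    return findings

if __name__ == "__main__":
    install_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, name, ver in scan(install_root):
        want = ".".join(str(p) for p in FIXED[name])
        print(f"{path}: {name} {ver} is below {want}")
```

Run it with the installation directory as the only argument; no output means no tracked jar is below its fixed version.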