CVE-2025-23015, CVE-2024-27137, CVE-2025-24860 in cassandra-all (#159)

CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
CVE-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials
CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Author: maximthomas

cassandra-embedded/pom.xml

@@ -12,7 +12,7 @@
  * Header, with the fields enclosed by brackets [] replaced by your own identifying
  * information: "Portions copyright [year] [name of copyright owner]".
  *
- * Copyright 2019 Open Identity Platform Community.
+ * Copyright 2019-2025 3A Systems LLC.
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
@@ -68,7 +68,7 @@
 		<dependency>
 		    <groupId>org.apache.cassandra</groupId>
 		    <artifactId>cassandra-all</artifactId>
-		    <version>4.1.3</version>
+		    <version>5.0.6</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.lz4</groupId>