Is CVE-2025-48734 impacting Jenkins LTS or is it a false positive?

Whether v2.504.1 or v2.504.2, it appears all LTS releases are impacted by CVE-2025-48734 per recent Trivy scans, eg.:

Java (jar)
==========
Total: 2 (HIGH: 2, CRITICAL: 0)

┌───────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│                      Library                      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├───────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ commons-beanutils:commons-beanutils (jenkins.war) │ CVE-2025-48734 │ HIGH     │ fixed  │ 1.10.1            │ 1.11.0        │ Improper Access Control vulnerability in Apache Commons. A │
│                                                   │                │          │        │                   │               │ special...                                                 │
│                                                   │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2025-48734                 │
├───────────────────────────────────────────────────┤                │          │        ├───────────────────┤               │                                                            │
│ commons-beanutils:commons-beanutils               │                │          │        │ 1.9.4             │               │                                                            │
│ (jenkins-plugin-manager.jar)                      │                │          │        │                   │               │                                                            │
│                                                   │                │          │        │                   │               │                                                            │
└───────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

Anyone knows if the described vulnerability is not applicable to any of the recent LTS releases and should be treated as a false-positive?
Or is it fixed in some other Jenkins version and a new LTS release is already scheduled to tackle this high vulnerability CVE by JAR/WAR packaging updated commons-beanutils?

If I remember correctly, Jenkins does not consider vulnerabilities in dependencies as valid, until there is a reproducible case submitted proven Jenkins is impacted by these. Commonly, you would just ignore these these warnings.