9.8

CVE-2025-27531

EPSS 0.5%
Veröffentlicht 06.06.2025 15:15:23
Zuletzt bearbeitet 23.06.2025 14:24:00
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache InLong: An arbitrary file read vulnerability for JDBC

Deserialization of Untrusted Data vulnerability in Apache InLong. 

This issue affects Apache InLong: from 1.13.0 before 2.1.0, 

this issue would allow an authenticated attacker to read arbitrary files by double writing the param.





Users are recommended to upgrade to version 2.1.0, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Inlong Version >= 1.13.0 < 2.1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.658

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2025/02/28/2

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-27531

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27531

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27531

EUVD