CVE-2025-68637

EPSS 0.07%
Veröffentlicht 07.01.2026 09:39:04
Zuletzt bearbeitet 16.01.2026 14:34:16
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

The Uniffle HTTP client is configured to trust all SSL certificates and

disables hostname verification by default. This insecure configuration
exposes all REST API communication between the Uniffle CLI/client and the
Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.


This issue affects all versions from before 0.10.0.

Users are recommended to upgrade to version 0.10.0, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Uniffle Version < 0.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-297 Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v

Vendor Advisory

Mailing List

Issue Tracking

http://www.openwall.com/lists/oss-security/2025/12/27/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-68637

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68637

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68637

EUVD