CVE-2025-53606
- EPSS 0.28%
- Published 08.08.2025 09:22:55
- Last modified 11.08.2025 14:53:43
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
CVE-2025-32897
- EPSS 0.16%
- Published 28.06.2025 18:25:18
- Last modified 08.07.2025 14:44:38
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata ...
CVE-2024-54016
- EPSS 0.26%
- Published 20.03.2025 08:59:26
- Last modified 01.04.2025 20:35:54
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
CVE-2024-47552
- EPSS 0.09%
- Published 20.03.2025 08:58:01
- Last modified 01.04.2025 20:36:04
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0. Users are recommended to upgrade to version 2.2.0, which fixes the issue.
CVE-2024-22399
- EPSS 48.13%
- Published 16.09.2024 12:15:02
- Last modified 21.11.2024 08:56:12
Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly ...