CVE-2025-27528

Sažetak

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

Reference

https://github.com/apache/inlong/pull/11747
https://lists.apache.org/thread/b807rqzgyv4qgvxw3nhkq8tl6g90gqgj
http://www.openwall.com/lists/oss-security/2025/05/28/3

CVSS

Base:	9.1
Impact:	5.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

03-06-2025 - 15:36

Objavljeno

28-05-2025 - 08:15