CVE-2025-27528
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
28/05/2025
Last modified:
03/06/2025
Description
Deserialization of Untrusted Data vulnerability in Apache InLong.<br />
<br />
This issue affects Apache InLong: from 1.13.0 through 2.1.0. <br />
<br />
This<br />
vulnerability allows attackers to bypass the security mechanisms of InLong<br />
JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong&#39;s 2.2.0 or cherry-pick [1] to solve it.<br />
<br />
[1] https://github.com/apache/inlong/pull/11747
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:* | 1.13.0 (including) | 2.2.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page