
Brant Eckert

#38073 of 53,635
7.3 Total CVSS
Vulnerabilities · 1
PT-2026-7986
7.3
2026-02-13
Apache · Apache Avro Java SDK · CVE-2025-33042

**Name of the Vulnerable Software and Affected Versions**
Apache Avro Java SDK versions through 1.11.4 and version 1.12.0

**Description**
An Improper Control of Generation of Code ('Code Injection') issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw could allow attackers to execute arbitrary code. Apache Avro is used as a serialization backbone in the big data ecosystem.

**Recommendations**
Upgrade to version 1.12.1 or 1.11.5 to resolve this issue.