PT-2025-13037 · Apache · Apache Kylin

Pho3N1X · Published 2025-03-27 · Updated 2025-04-11 · CVE-2025-30067

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Kylin versions 4.0.0 through 5.0.1

Description

The issue is related to improper control of generation of code, also known as 'Code Injection'. If an attacker gains access to Kylin's system or project admin permission, they may alter the JDBC connection configuration to execute arbitrary code from a remote location. However, if Kylin's system and project admin access is well protected, the risk is mitigated.

Recommendations

For Apache Kylin versions 4.0.0 through 5.0.1, upgrade to version 5.0.2 or above to fix the issue.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2025-03522
CVE-2025-30067
GHSA-29M8-WH9P-5WC4

Affected Products

Apache Kylin