PT-2025-23051 · Apache · Apache InLong
Yulate · Published 2025-02-08 · Updated 2026-01-28
CVE-2025-27522
CVSS v4.0: 8.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.13.0 through 2.1.0
Description
Apache InLong is affected by deserialization of untrusted data. Insecure deserialization during JDBC verification can lead to remote code execution. The issue is a secondary mining bypass for CVE-2024-26579.
Recommendations
Upgrade to Apache InLong version 2.2.0 to resolve the issue.
Alternatively, apply the patch from the following pull request: https://github.com/apache/inlong/pull/11732.
Fix
RCE
Deserialization of Untrusted Data
Affected Products
Apache InLong