CVE-2025-59355

Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.0.0 through 1.7.0

Description A flaw exists where the decode() function within org.apache.linkis.metadata.util.HiveUtils does not properly handle Base64 decoding failures. When decoding fails, the complete input parameter, which may contain sensitive information like Hive Metastore keys or plaintext passwords, is logged at the error level. This can lead to information leakage if log files are accessible to unauthorized users. The probability of Base64 decoding failure is low, and the leakage is only triggered when error-level logs are exposed.

Recommendations Upgrade to Apache Linkis version 1.8.0 or later, which replaces the logging of the input parameter with desensitized content.