PT-2025-9062 · Apache · Apache InLong
Ming · Published 2025-02-28 · Updated 2025-06-23 · CVE-2025-27531
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache InLong versions 1.13.0 through 2.1.0
Description
The issue is a deserialization of untrusted data that allows an arbitrary file read. It can be exploited by double writing a parameter to bypass security measures.
Recommendations
For Apache InLong versions 1.13.0 through 2.1.0, consider restricting deserialization of untrusted data until a patch is available. As a temporary workaround, avoid using the vulnerable JDBC functionality to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Apache InLong