PT-2026-1641 · Uniffle · Uniffle

Omkar Parkhe · Published 2026-01-07 · Updated 2026-02-15 · CVE-2025-68637

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Uniffle versions prior to 0.10.0

Description

The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. The vulnerable component is the HTTP client. The affected API communication involves REST API endpoints.

Recommendations

Upgrade to version 0.10.0.

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-68637

Affected Products

Uniffle