PT-2026-25062 · Apache · Apache Ivy

Hiroki Egawa · Published 2026-03-12 · Updated 2026-03-14 · CVE-2025-66249

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Apache Livy versions 0.3.0 through 0.8.9

Description

An improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in Apache Livy. This issue can be exploited with non-default Apache Livy Server settings. Specifically, if the livy.file.local-dir-whitelist configuration value is set to a non-default value, the directory checking can be bypassed.

Recommendations

Upgrade to version 0.9.0 to resolve this issue.
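
An exposure check for the condition described above, added here as an example (it is not code from Apache Livy or from this advisory). It assumes livy.conf uses Java-properties syntax and that the default for livy.file.local-dir-whitelist is unset or empty; the sample configuration and the result labels are constructed for illustration.

```python
import re

AFFECTED_MIN = (0, 3, 0)  # first affected version, per the advisory
AFFECTED_MAX = (0, 8, 9)  # last affected version, per the advisory
KEY = "livy.file.local-dir-whitelist"

def parse_version(text):
    """Return the leading numeric triple of e.g. '0.8.0-incubating'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def whitelist_value(conf_text):
    """Last effective value of KEY in properties-style text, or None if unset/empty."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        # key, then '=', ':' or whitespace as separator, then the value
        m = re.match(r"([^\s=:]+)\s*[=:\s]\s*(.*)$", line)
        if m and m.group(1) == KEY:
            value = m.group(2).strip() or None
    return value

def assess(version, conf_text):
    """Classify a deployment against the advisory's two conditions."""
    v = parse_version(version)
    if not (AFFECTED_MIN <= v <= AFFECTED_MAX):
        return "not-affected-version"
    if whitelist_value(conf_text) is None:
        # Assumption: unset/empty is the default, so the precondition is absent.
        return "affected-version-default-config"
    return "exposed"  # affected version with a non-default whitelist: upgrade

# Constructed sample livy.conf, not taken from a real deployment.
SAMPLE_CONF = """\
# livy.file.local-dir-whitelist = /tmp/ignored
livy.server.port = 8998
livy.file.local-dir-whitelist = /data/jobs,/opt/jars
"""

if __name__ == "__main__":
    for ver in ("0.8.0-incubating", "0.9.0"):
        print(ver, "->", assess(ver, SAMPLE_CONF))
```
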

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-66249
GHSA-H84F-4FF9-8HC3

Affected Products

Apache Ivy