PT-2026-34872 · Apache · Apache Dolphinscheduler
Published: 2026-04-24 · Updated: 2026-04-28 · CVE-2025-62233
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Apache DolphinScheduler versions 3.2.0 through 3.3.0
Description
Deserialization of untrusted data in the RPC module allows attackers with access to Master or Worker nodes to compromise the system. This is achieved by creating a 'StandardRpcRequest', injecting a malicious class type, and sending RPC requests to the affected nodes.
Recommendations
Upgrade to version 3.3.1.
Fix
Deserialization of Untrusted Data
Affected Products
Apache Dolphinscheduler