CVE-2025-27522

CWE-502Deserialization of Untrusted DataCWE-444HTTP Request Smuggling5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache InlongApache Software Foundation Apache Inlong
Timeline
PublishedMay 28

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11732

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

NVDapache/inlong1.13.02.2.0
Mavenorg.apache.inlong:manager-pojo1.13.02.2.0
CVEListV5apache_software_foundation/apache_inlong1.13.02.1.0

🔴Vulnerability Details

3
OSV
Apache InLong: JDBC Vulnerability during verification processing2025-05-28
GHSA
Apache InLong: JDBC Vulnerability during verification processing2025-05-28
CVEList
Apache InLong: JDBC Vulnerability during verification processing2025-05-28

📋Vendor Advisories

1
Microsoft
Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting2023-03-14
CVE-2025-27522 (MEDIUM CVSS 6.5) | Deserialization of Untrusted Data v | cvebase.io