CVE-2025-27526

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 39.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Inlong Apache Software Foundation Apache Inlong

Timeline

PublishedMay 28

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncdoe and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

▶NVDapache/inlong1.13.0 — 2.2.0

▶Mavenorg.apache.inlong:manager-pojo1.13.0 — 2.2.0

▶CVEListV5apache_software_foundation/apache_inlong1.13 — 2.1.0

🔴Vulnerability Details

CVEList

Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass↗2025-05-28

▶

GHSA

Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass↗2025-05-28

▶

OSV

Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass↗2025-05-28

▶