CVE-2025-27531

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 34.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Inlong Apache Inlong

Timeline

PublishedJun 6

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/inlong1.13.0 — 2.1.0

▶Mavenorg.apache.inlong:inlong-manager1.13.0 — 2.1.0

▶CVEListV5apache_software_foundation/apache_inlong1.13.0 — 2.1.0

🔴Vulnerability Details

CVEList

Apache InLong: An arbitrary file read vulnerability for JDBC↗2025-06-06

▶

OSV

Apache InLong Deserialization of Untrusted Data Vulnerability↗2025-06-06

▶

GHSA

Apache InLong Deserialization of Untrusted Data Vulnerability↗2025-06-06

▶