CVE-2025-61733

CWE-2884 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Kylin Apache Software Foundation Apache Kylin

Timeline

PublishedOct 2

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDapache/kylin4.0.0 — 5.0.3

▶Mavenorg.apache.kylin:kylin4.0.0 — 5.0.3

▶Mavenorg.apache.kylin:kylin-core-common4.0.0 — 5.0.3

▶CVEListV5apache_software_foundation/apache_kylin4.0.0 — 5.0.2

🔴Vulnerability Details

CVEList

Apache Kylin: Authentication bypass↗2025-10-02

▶

GHSA

Apache Kylin Authentication Bypass Vulnerability↗2025-10-02

▶

OSV

Apache Kylin Authentication Bypass Vulnerability↗2025-10-02

▶