CVE-2025-61735

CWE-918 — Server-Side Request Forgery (SSRF)4 documents4 sources

Severity

7.3HIGH

EPSS

0.1%

top 74.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Kylin Apache Software Foundation Apache Kylin

Timeline

PublishedOct 2

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages9 packages

▶Mavenorg.apache.kylin:kylin-server4.0.0 — 5.0.3

▶Mavenorg.apache.kylin:kylin-ops-server4.0.0 — 5.0.3

▶Mavenorg.apache.kylin:kylin-common-server4.0.0 — 5.0.3

▶NVDapache/kylin4.0.0 — 5.0.3

▶Mavenorg.apache.kylin:kylin4.0.0 — 5.0.3

🔴Vulnerability Details

CVEList

Apache Kylin: Server-Side Request Forgery↗2025-10-02

▶

GHSA

Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability↗2025-10-02

▶

OSV

Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability↗2025-10-02

▶