Apache Seata vulnerabilities
5 known vulnerabilities affecting apache/seata.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, MEDIUM 1
Vulnerabilities
CVE-2025-53606 | CRITICAL | CVSS 9.8 | CWE-502 | v2.4.0 | 2025-08-08
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): 2.4.0.
Users are recommended to upgrade to version 2.5.0, which fixes the issue.
nvd
CVE-2025-32897 | CRITICAL | CVSS 9.8 | ≥ 2.0.0, < 2.3.0 | 2025-06-28
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow.
This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.
Severity Justification:
The Apache Seata security team assesses the
nvd
CVE-2024-47552 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ 2.0.0, < 2.2.0 | 2025-03-20
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): from 2.0.0 before 2.2.0.
Severity Justification:
The Apache Seata security team assesses the severity of this vulnerability as "Low" due to stringent real-world mitigating factors. First, the vulnerability is strictly is
nvd
CVE-2024-54016 | MEDIUM | CVSS 4.3 | CWE-409 | ≥ 2.0.0, < 2.3.0 | 2025-03-20
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating).
This issue affects Apache Seata (incubating): through <=2.2.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
nvd
CVE-2024-22399 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ 1.0.0, < 1.8.1; v2.0.0 | 2024-09-16
Deserialization of Untrusted Data vulnerability in Apache Seata.
When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol.
This issue affects Apache Seata: 2.0.0, from
nvd