Apache Software Foundation Apache Livy vulnerabilities
2 known vulnerabilities affecting apache_software_foundation/apache_livy.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2025-66249 | MEDIUM | CVSS 6.3 | ≥ 0.3.0-incubating, < 0.9.0-incubating | 2026-03-13
CVE-2025-66249 [MEDIUM] CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy.
This issue affects Apache Livy: from 0.3.0 before 0.9.0.
The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the dire
cvelistv5, nvd
CVE-2025-60012 | MEDIUM | CVSS 6.3 | ≥ 0.7.0-incubating, < 0.9.0-incubating | 2026-03-13
CVE-2025-60012 [MEDIUM] CWE-20
Malicious configuration can lead to unauthorized file access in Apache Livy.
This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later.
A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to.
For the vuln
cvelistv5, nvd