{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27531", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-02-28T03:26:44.566Z", "datePublished": "2025-06-06T14:55:28.516Z", "dateUpdated": "2025-06-10T15:30:50.280Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache InLong", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "1.13.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ming"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Deserialization of Untrusted Data vulnerability in Apache InLong.&nbsp;</p><p>This issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\n<span style=\"background-color: rgb(255, 255, 255);\">this issue would allow an authenticated attacker to read arbitrary files</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;by double writing the param.</span>\n\n</span>\n\n</p><p>Users are recommended to upgrade to version 2.1.0, which fixes the issue.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in Apache InLong.\u00a0\n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files\u00a0by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-06-06T14:55:28.516Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache InLong: An arbitrary file read vulnerability for JDBC", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/02/28/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-06T15:04:02.312Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-10T14:24:11.225978Z", "id": "CVE-2025-27531", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T15:30:50.280Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/02/28/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-06T15:04:02.312Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-27531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-10T14:24:11.225978Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-10T14:24:15.718Z"}}], "cna": {"title": "Apache InLong: An arbitrary file read vulnerability for JDBC", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ming"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache InLong", "versions": [{"status": "affected", "version": "1.13.0", "lessThan": "2.1.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Apache InLong.\u00a0\n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files\u00a0by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Deserialization of Untrusted Data vulnerability in Apache InLong.&nbsp;</p><p>This issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\n<span style=\"background-color: rgb(255, 255, 255);\">this issue would allow an authenticated attacker to read arbitrary files</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;by double writing the param.</span>\n\n</span>\n\n</p><p>Users are recommended to upgrade to version 2.1.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-06-06T14:55:28.516Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27531", "state": "PUBLISHED", "dateUpdated": "2025-06-10T15:30:50.280Z", "dateReserved": "2025-02-28T03:26:44.566Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-06-06T14:55:28.516Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*", "matchCriteriaId": "834EF91B-E4A3-45F8-9D09-8252C82B2F9D", "versionEndExcluding": "2.1.0", "versionStartIncluding": "1.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Apache InLong.\u00a0\n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files\u00a0by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde la versi\u00f3n 1.13.0 hasta la 2.1.0, este problema permit\u00eda a un atacante autenticado leer archivos arbitrarios mediante la escritura duplicada del par\u00e1metro. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.0, que soluciona el problema."}], "id": "CVE-2025-27531", "lastModified": "2025-06-23T14:24:00.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-06T15:15:23.883", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory", "Mailing List"], "url": "https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://www.openwall.com/lists/oss-security/2025/02/28/2"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{}