Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow.
This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0.

Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 08 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache seata
CPEs cpe:2.3:a:apache:seata:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache seata

Mon, 30 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 28 Jun 2025 18:45:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata (incubating): from 2.0.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
Title Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server
Weaknesses CWE-502
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-06-30T14:55:56.385Z

Reserved: 2025-04-12T13:34:54.918Z

Link: CVE-2025-32897

cve-icon Vulnrichment

Updated: 2025-06-30T14:55:31.887Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-28T19:15:21.917

Modified: 2025-07-08T14:44:38.643

Link: CVE-2025-32897

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.