Deserialization of Untrusted Data vulnerability in Apache Seata (incubating).

This issue affects Apache Seata (incubating): 2.4.0.

Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 11 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache seata
CPEs cpe:2.3:a:apache:seata:2.4.0:*:*:*:*:*:*:*
Vendors & Products Apache
Apache seata

Fri, 08 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 08 Aug 2025 09:30:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Title Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server
Weaknesses CWE-502
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-08-08T13:36:03.339Z

Reserved: 2025-07-05T15:05:07.225Z

Link: CVE-2025-53606

cve-icon Vulnrichment

Updated: 2025-08-08T13:34:54.958Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-08T10:15:26.547

Modified: 2025-08-11T14:53:43.920

Link: CVE-2025-53606

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-12T07:48:05Z