{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61734", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2025-09-30T15:33:31.219Z", "datePublished": "2025-10-02T09:47:15.317Z", "dateUpdated": "2025-11-04T21:14:07.897Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Kylin", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "5.0.2", "status": "affected", "version": "4.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "liuhuajin <liuhuajin1@huawei.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.</p><p>This issue affects Apache Kylin: from 4.0.0 through 5.0.2.</p><p>Users are recommended to upgrade to version 5.0.3, which fixes the issue.</p>"}], "value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-10-02T09:47:15.317Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"}], "source": {"defect": ["KYLIN-6082"], "discovery": "UNKNOWN"}, "title": "Apache Kylin: improper restriction of file read", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-02T17:26:13.841848Z", "id": "CVE-2025-61734", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-02T17:26:38.587Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:14:07.897Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:14:07.897Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-61734", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-02T17:26:13.841848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-02T17:26:33.242Z"}}], "cna": {"title": "Apache Kylin: improper restriction of file read", "source": {"defect": ["KYLIN-6082"], "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "liuhuajin <liuhuajin1@huawei.com>"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Kylin", "versions": [{"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "5.0.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.</p><p>This issue affects Apache Kylin: from 4.0.0 through 5.0.2.</p><p>Users are recommended to upgrade to version 5.0.3, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2025-10-02T09:47:15.317Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61734", "state": "PUBLISHED", "dateUpdated": "2025-11-04T21:14:07.897Z", "dateReserved": "2025-09-30T15:33:31.219Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2025-10-02T09:47:15.317Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0732C89B-68F0-406A-977F-C75F554B17DD", "versionEndExcluding": "5.0.3", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."}], "id": "CVE-2025-61734", "lastModified": "2025-11-04T22:16:36.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-02T10:15:40.100", "references": [{"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"created": "2025-10-03T08:22:52.786411+00:00", "updated": "2025-10-03T08:22:52.786465+00:00", "vendors": ["apache", "apache$PRODUCT$kylin"]}