Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.

This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.

Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-32088 Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
Github GHSA Github GHSA GHSA-f6m8-qm7j-fh65 Apache Kylin Server-Side Request Forgery (SSRF) Vulnerability
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 03 Oct 2025 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*

Fri, 03 Oct 2025 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache kylin
Vendors & Products Apache
Apache kylin

Thu, 02 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Thu, 02 Oct 2025 10:00:00 +0000

Type Values Removed Values Added
Description Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Title Apache Kylin: Server-Side Request Forgery
Weaknesses CWE-918
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-10-02T14:11:22.684Z

Reserved: 2025-09-30T15:44:26.073Z

Link: CVE-2025-61735

cve-icon Vulnrichment

Updated: 2025-10-02T14:11:11.140Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-02T10:15:40.250

Modified: 2025-10-03T18:50:46.210

Link: CVE-2025-61735

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-03T08:22:56Z