Refine your search
6 vulnerabilities found for Apache Kylin by Apache Software Foundation
CVE-2025-61735 (GCVE-0-2025-61735)
Vulnerability from nvd
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T14:10:47.999022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T14:11:22.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eServer-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u0026nbsp;You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u00a0You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:49.948Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh"
}
],
"source": {
"defect": [
"KYLIN-6082"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61735",
"datePublished": "2025-10-02T09:47:49.948Z",
"dateReserved": "2025-09-30T15:44:26.073Z",
"dateUpdated": "2025-11-04T21:14:09.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61734 (GCVE-0-2025-61734)
Vulnerability from nvd
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Summary
Files or Directories Accessible to External Parties vulnerability in Apache Kylin.
You are fine as long as the Kylin's system and project admin access is well protected.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T17:26:13.841848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T17:26:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:07.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFiles or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:15.317Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"
}
],
"source": {
"defect": [
"KYLIN-6082"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: improper restriction of file read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61734",
"datePublished": "2025-10-02T09:47:15.317Z",
"dateReserved": "2025-09-30T15:33:31.219Z",
"dateUpdated": "2025-11-04T21:14:07.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61733 (GCVE-0-2025-61733)
Vulnerability from nvd
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T03:55:30.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:06.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "high"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:39.126Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/8wmcffly6gp50nmfw8j4w3hlmv843yo0"
}
],
"source": {
"defect": [
"KYLIN-6081"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: Authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61733",
"datePublished": "2025-10-02T09:47:39.126Z",
"dateReserved": "2025-09-30T15:10:07.939Z",
"dateUpdated": "2025-11-04T21:14:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61735 (GCVE-0-2025-61735)
Vulnerability from cvelistv5
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T14:10:47.999022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T14:11:22.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:09.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eServer-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u0026nbsp;You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u00a0You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:49.948Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/yscobmx869zvprsykb94r24jtmb58ckh"
}
],
"source": {
"defect": [
"KYLIN-6082"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: Server-Side Request Forgery",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61735",
"datePublished": "2025-10-02T09:47:49.948Z",
"dateReserved": "2025-09-30T15:44:26.073Z",
"dateUpdated": "2025-11-04T21:14:09.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61733 (GCVE-0-2025-61733)
Vulnerability from cvelistv5
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61733",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T03:55:30.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:06.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "high"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:39.126Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/8wmcffly6gp50nmfw8j4w3hlmv843yo0"
}
],
"source": {
"defect": [
"KYLIN-6081"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: Authentication bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61733",
"datePublished": "2025-10-02T09:47:39.126Z",
"dateReserved": "2025-09-30T15:10:07.939Z",
"dateUpdated": "2025-11-04T21:14:06.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-61734 (GCVE-0-2025-61734)
Vulnerability from cvelistv5
Published
2025-10-02 09:47
Modified
2025-11-04 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Summary
Files or Directories Accessible to External Parties vulnerability in Apache Kylin.
You are fine as long as the Kylin's system and project admin access is well protected.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Kylin |
Version: 4.0.0 ≤ 5.0.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T17:26:13.841848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T17:26:38.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:07.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Kylin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "5.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "liuhuajin \u003cliuhuajin1@huawei.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eFiles or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin\u0027s system and project admin access is well protected.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 5.0.3, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin\u0027s system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T09:47:15.317Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"
}
],
"source": {
"defect": [
"KYLIN-6082"
],
"discovery": "UNKNOWN"
},
"title": "Apache Kylin: improper restriction of file read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-61734",
"datePublished": "2025-10-02T09:47:15.317Z",
"dateReserved": "2025-09-30T15:33:31.219Z",
"dateUpdated": "2025-11-04T21:14:07.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}