CVE-2025-27531

CRITICAL EPSS 43.1%

Published Jun 6, 20251y ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Jun 6, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

43.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-502 Deserialization of Untrusted Data Validation

Affected Products 1

Vendor	Product	Version	Range
apache	inlong	*	≥1.13.0 – <2.1.0

References 2

openwall.com http://www.openwall.com/lists/oss-security/2025/02/28/2

Mailing ListVendor Advisory
lists.apache.org https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5

Mailing ListVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.