{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-27531","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2025-02-28T03:26:44.566Z","datePublished":"2025-06-06T14:55:28.516Z","dateUpdated":"2025-06-10T15:30:50.280Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache InLong","vendor":"Apache Software Foundation","versions":[{"lessThan":"2.1.0","status":"affected","version":"1.13.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Ming"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Deserialization of Untrusted Data vulnerability in Apache InLong.&nbsp;</p><p>This issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\n<span style=\"background-color: rgb(255, 255, 255);\">this issue would allow an authenticated attacker to read arbitrary files</span><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;by double writing the param.</span>\n\n</span>\n\n</p><p>Users are recommended to upgrade to version 2.1.0, which fixes the issue.</p>"}],"value":"Deserialization of Untrusted Data vulnerability in Apache InLong. \n\nThis issue affects Apache InLong: from 1.13.0 before 2.1.0, \n\nthis issue would allow an authenticated attacker to read arbitrary files by double writing the param.\n\n\n\n\n\nUsers are recommended to upgrade to version 2.1.0, which fixes the issue."}],"metrics":[{"other":{"content":{"text":"moderate"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-502","description":"CWE-502 Deserialization of Untrusted Data","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2025-06-06T14:55:28.516Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/r62lkqrr739wvcb60j6ql6q63rh4bxx5"}],"source":{"discovery":"UNKNOWN"},"title":"Apache InLong: An arbitrary file read vulnerability for JDBC","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/02/28/2"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-06-06T15:04:02.312Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":9.8,"attackVector":"NETWORK","baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-06-10T14:24:11.225978Z","id":"CVE-2025-27531","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-10T15:30:50.280Z"}}]}}