{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-61734","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2025-09-30T15:33:31.219Z","datePublished":"2025-10-02T09:47:15.317Z","dateUpdated":"2025-11-04T21:14:07.897Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache Kylin","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"5.0.2","status":"affected","version":"4.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"liuhuajin <liuhuajin1@huawei.com>"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.</p><p>This issue affects Apache Kylin: from 4.0.0 through 5.0.2.</p><p>Users are recommended to upgrade to version 5.0.3, which fixes the issue.</p>"}],"value":"Files or Directories Accessible to External Parties vulnerability in Apache Kylin.\n You are fine as long as the Kylin's system and project admin access is well protected.\n\nThis issue affects Apache Kylin: from 4.0.0 through 5.0.2.\n\nUsers are recommended to upgrade to version 5.0.3, which fixes the issue."}],"metrics":[{"other":{"content":{"text":"low"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-552","description":"CWE-552 Files or Directories Accessible to External Parties","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2025-10-02T09:47:15.317Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2"}],"source":{"defect":["KYLIN-6082"],"discovery":"UNKNOWN"},"title":"Apache Kylin: improper restriction of file read","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-02T17:26:13.841848Z","id":"CVE-2025-61734","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-02T17:26:38.587Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/09/30/8"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T21:14:07.897Z"}}]}}