CVE-2025-27531
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-23
Assigner: Apache Software Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | inlong | From 1.13.0 (inc) to 2.1.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-27531 is a vulnerability in Apache InLong versions 1.13.0 up to but not including 2.1.0, where deserialization of untrusted data allows an authenticated attacker to read arbitrary files. This happens due to a flaw involving double writing a parameter, which can bypass security controls and lead to unauthorized file access. [1]
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache InLong to version 2.1.0, which fixes the vulnerability. Upgrading to this version is the primary mitigation step to prevent exploitation of the arbitrary file read vulnerability caused by deserialization of untrusted data. [1]
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to read arbitrary files on the affected system, potentially exposing sensitive information and compromising system security. This unauthorized file access can lead to data breaches or further exploitation of the system. [1]