CVE-2025-61734
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-11-04
Assigner: Apache Software Foundation
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | kylin | From 4.0.0 (inclusive) to 5.0.3 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache Kylin allows files or directories to be accessible to external parties if the system and project admin access are not well protected. It affects versions from 4.0.0 through 5.0.2, and upgrading to version 5.0.3 fixes the issue.
How can this vulnerability impact me?
If exploited, this vulnerability could allow unauthorized external parties to access files or directories within Apache Kylin, potentially leading to exposure of sensitive data or system information. The impact depends on how well the system and project admin access are protected.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that Apache Kylin system and project admin access is well protected. Additionally, upgrade Apache Kylin to version 5.0.3 or later, as this version fixes the issue.