CVE-2025-27821
BaseFortify
Publication date: 2026-01-26
Last updated on: 2026-01-27
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | hadoop | From 3.2.0 (inc) to 3.4.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-27821 is a moderate severity out-of-bounds write vulnerability in the URI parser of the Apache Hadoop HDFS native client. It affects versions from 3.2.0 up to, but not including, 3.4.2. This vulnerability allows an out-of-bounds write operation, which could lead to memory corruption or other unintended behavior. The issue has been fixed in version 3.4.2. [1]
How can this vulnerability impact me? :
This vulnerability could lead to memory corruption or other unintended behavior in the Apache Hadoop HDFS native client, potentially causing application crashes, data corruption, or security risks such as arbitrary code execution depending on how the vulnerability is exploited. [1]
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Hadoop HDFS native client to version 3.4.2 or later, where the out-of-bounds write vulnerability has been fixed. [1]