CVE-2025-66518
Local File Access Bypass in Apache Kyuubi Server
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: Apache Software Foundation
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | kyuubi | From 1.6.0 (inc) to 1.10.2 (inc) |
| apache | kyuubi | 1.10.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-27 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows any client who can reach the Apache Kyuubi Server through the Kyuubi frontend protocols to bypass the server-side configuration `kyuubi.session.local.dir.allow.list`. As a result, the client can use local files that are not listed or allowed by the server configuration, potentially accessing unauthorized local files.
How can this vulnerability impact me?
The impact of this vulnerability is that unauthorized clients can access local files on the server that should be restricted by the server configuration. This can lead to exposure of sensitive data, unauthorized file access, and potential compromise of the server environment.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Kyuubi to version 1.10.3 or higher, which fixes the issue.