CVE-2025-53648

Awaiting Analysis Awaiting Analysis - Queue

SQL Misconfiguration in Gravitino UI Allows File Read/Truncate

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: Apache Software Foundation

Description

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-30

Last Modified

2026-06-30

Generated

2026-06-30

AI Q&A

2026-06-30

EPSS Evaluated

N/A

NVD

CVE-2025-53648

EUVD

EUVD-2025-210372

Affected Vendors & Products

Vendor	Product	Version / Range
gravitino	ui	to 1.0.0 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

This vulnerability is a SQL misconfiguration in the Gravitino UI software, specifically in versions 1.0.0 and below. It allows a malicious user to read or truncate files on the system.

Impact Analysis

The impact of this vulnerability is that an attacker could potentially read sensitive files or truncate (delete or corrupt) files on the affected system, leading to data loss or unauthorized data disclosure.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade the Gravitino UI to version 1.0.0, which fixes the SQL misconfiguration issue.

Hi! I’m here to help you understand CVE-2025-53648. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

SQL Misconfiguration in Gravitino UI Allows File Read/Truncate

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart