CVE-2025-61734
HIGH 7.5, EPSS 0.08%
Apache Kylin Files or Directories Accessible to External Parties
Published: 2025/10/2, Modified: 2025/11/5
Description
Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Affected packages (7)
- Maven/org.apache.kylin:kylin >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-common-server >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-common-service >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-core-common >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-core-metadata >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-ops-server >= 4.0.0, < 5.0.3
- Maven/org.apache.kylin:kylin-server >= 4.0.0, < 5.0.3
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-61734
- PATCH: https://github.com/apache/kylin
- WEB: https://github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662
- WEB: https://github.com/apache/kylin/pull/2332
- WEB: https://issues.apache.org/jira/browse/KYLIN-6082
- WEB: https://lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
- WEB: http://www.openwall.com/lists/oss-security/2025/09/30/8